Main Vulnerability Database Vulnerabilities #VU22578

#VU22578 Cleartext transmission of sensitive information in Schneider Electric products - CVE-2019-6846

Published: November 7, 2019

Vulnerability identifier: #VU22578

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-6846

CWE-ID: CWE-319

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Modicon M340
Modicon M580
Modicon 140CRA modules
Modicon BMxCRA modules

Software vendor:
Schneider Electric

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information when using the FTP protocol. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02

#VU22578 Cleartext transmission of sensitive information in Schneider Electric products - CVE-2019-6846

Description

Remediation

External links

Please verify you're human