Details of VAR-201910-0579

ID

VAR-201910-0579

CVE

CVE-2019-6846

TITLE

plural Modicon Vulnerability related to clear transmission of important information in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-011543

DESCRIPTION

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol. plural Modicon The product contains a vulnerability related to clear transmission of important information.Information may be obtained. Schneider Electric Modicon M580 is a programmable automation controller from Schneider Electric of France

Trust: 2.16

sources: NVD: CVE-2019-6846 // JVNDB: JVNDB-2019-011543 // CNVD: CNVD-2020-02971

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-02971

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modicon 140cra	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicon bmxcra	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicon m580	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicon m340	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicon 140cra	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon bmxcra	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m340	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m580	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric modicon m340	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon m580	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon bmxcra	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon 140cra	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-02971 // JVNDB: JVNDB-2019-011543 // NVD: CVE-2019-6846

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6846
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-6846
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-02971
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201910-427
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-6846
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-02971
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-6846
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6846
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-02971 // JVNDB: JVNDB-2019-011543 // CNNVD: CNNVD-201910-427 // NVD: CVE-2019-6846

PROBLEMTYPE DATA

problemtype:

CWE-319

Trust: 1.8

sources: JVNDB: JVNDB-2019-011543 // NVD: CVE-2019-6846

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-427

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-427

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011543

PATCH

title:

SEVD-2019-281-02

url:

https://www.schneider-electric.com/en/download/document/SEVD-2019-281-02/

Trust: 0.8

sources: JVNDB: JVNDB-2019-011543

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6846	Trust: 3.0
db:	SCHNEIDER	id:	SEVD-2019-281-02	Trust: 2.2
db:	JVNDB	id:	JVNDB-2019-011543	Trust: 0.8
db:	CNVD	id:	CNVD-2020-02971	Trust: 0.6
db:	TALOS	id:	TALOS-2019-0827	Trust: 0.6
db:	CNNVD	id:	CNNVD-201910-427	Trust: 0.6

sources: CNVD: CNVD-2020-02971 // JVNDB: JVNDB-2019-011543 // CNNVD: CNNVD-201910-427 // NVD: CVE-2019-6846

REFERENCES

url:	https://www.schneider-electric.com/ww/en/download/document/sevd-2019-281-02	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6846	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6846	Trust: 0.8
url:	https://www.se.com/ww/en/download/document/sevd-2019-281-02/	Trust: 0.6
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2019-0827	Trust: 0.6

sources: CNVD: CNVD-2020-02971 // JVNDB: JVNDB-2019-011543 // CNNVD: CNNVD-201910-427 // NVD: CVE-2019-6846

CREDITS

Discovered by Jared Rittle of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-201910-427

SOURCES

db:	CNVD	id:	CNVD-2020-02971
db:	JVNDB	id:	JVNDB-2019-011543
db:	CNNVD	id:	CNNVD-201910-427
db:	NVD	id:	CVE-2019-6846

LAST UPDATE DATE

2024-11-23T21:36:37.755000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-02971	date:	2020-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-011543	date:	2019-11-12T00:00:00
db:	CNNVD	id:	CNNVD-201910-427	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2019-6846	date:	2024-11-21T04:47:16.200

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-02971	date:	2020-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-011543	date:	2019-11-12T00:00:00
db:	CNNVD	id:	CNNVD-201910-427	date:	2019-10-08T00:00:00
db:	NVD	id:	CVE-2019-6846	date:	2019-10-29T19:15:22.187