Sign-up

ID

VAR-201911-0879


CVE

CVE-2019-6852


TITLE

plural Schneider Electric Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-012217

DESCRIPTION

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network. plural Schneider Electric The product contains an information disclosure vulnerability.Information may be obtained. Schneider Electric M340 communication modules is a communication module of Schneider Electric in France. The vulnerability stems from network system or product configuration errors during operation. Unauthorized attackers can use this vulnerability to obtain sensitive information about the affected components

Trust: 2.16

sources: NVD: CVE-2019-6852 // JVNDB: JVNDB-2019-012217 // CNVD: CNVD-2020-22290

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-22290

AFFECTED PRODUCTS

vendor:schneider electricmodel:tsx p57xscope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:140 noc 78x00scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:tsx ety x103scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:bmx noe 0100scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:bmx p34xscope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:bmx noc 0401scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:140 cpu6xscope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:bmx noe 0110scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:140 noe 771x1scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:140 noc 77101scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:140 cpu6xscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:140 noc 77101scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:140 noc 78x00scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:140 noe 771x1scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:bmx noc 0401scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:bmx noe 0100scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:bmx noe 0110scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:bmx p34xscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:tsx ety x103scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:tsx p57xscope: - version: -

Trust: 0.8

vendor:schneidermodel:electric m340 cpusscope: - version: -

Trust: 0.6

vendor:schneidermodel:electric m340 communication modulesscope: - version: -

Trust: 0.6

vendor:schneidermodel:electric premium cpusscope: - version: -

Trust: 0.6

vendor:schneidermodel:electric premium communication modulesscope: - version: -

Trust: 0.6

vendor:schneidermodel:electric quantum cpusscope: - version: -

Trust: 0.6

vendor:schneidermodel:electric quantum communication modulesscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-22290 // JVNDB: JVNDB-2019-012217 // NVD: CVE-2019-6852

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6852
value: HIGH

Trust: 1.0

NVD: CVE-2019-6852
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-22290
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201911-1206
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-6852
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-22290
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-6852
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-6852
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-22290 // JVNDB: JVNDB-2019-012217 // CNNVD: CNNVD-201911-1206 // NVD: CVE-2019-6852

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2019-012217 // NVD: CVE-2019-6852

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1206

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201911-1206

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012217

PATCH
title:SEVD-2019-316-02url:https://www.se.com/ww/en/download/document/SEVD-2019-316-02%20/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-012217

EXTERNAL IDS
db:NVDid:CVE-2019-6852
Trust: 3.0
db:SCHNEIDERid:SEVD-2019-316-02
Trust: 2.2
db:SCHNEIDERid:SEVD-2019-281-02
Trust: 1.6
db:JVNDBid:JVNDB-2019-012217
Trust: 0.8
db:CNVDid:CNVD-2020-22290
Trust: 0.6
db:CNNVDid:CNNVD-201911-1206
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-22290 // 
            
            
            
            JVNDB: JVNDB-2019-012217 // 
            
            
            
            CNNVD: CNNVD-201911-1206 // 
            
            
            
            NVD: CVE-2019-6852

REFERENCES
url:https://www.se.com/ww/en/download/document/sevd-2019-316-02%20/
Trust: 2.2
url:https://www.schneider-electric.com/ww/en/download/document/sevd-2019-281-02/
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-6852
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6852
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-22290 // 
            
            
            
            JVNDB: JVNDB-2019-012217 // 
            
            
            
            CNNVD: CNNVD-201911-1206 // 
            
            
            
            NVD: CVE-2019-6852

SOURCES
db:CNVDid:CNVD-2020-22290
db:JVNDBid:JVNDB-2019-012217
db:CNNVDid:CNNVD-201911-1206
db:NVDid:CVE-2019-6852

LAST UPDATE DATE
2024-11-23T21:36:37.556000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-22290date:2020-04-11T00:00:00
db:JVNDBid:JVNDB-2019-012217date:2019-11-27T00:00:00
db:CNNVDid:CNNVD-201911-1206date:2020-07-14T00:00:00
db:NVDid:CVE-2019-6852date:2024-11-21T04:47:16.920

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-22290date:2020-04-11T00:00:00
db:JVNDBid:JVNDB-2019-012217date:2019-11-27T00:00:00
db:CNNVDid:CNNVD-201911-1206date:2019-11-20T00:00:00
db:NVDid:CVE-2019-6852date:2019-11-20T22:15:12.030