CVE-2019-6845
Severity CVSS v4.0:
Pending analysis
Type:
CWE-319
Cleartext Transmission of Sensitive Information
Publication date:
29/10/2019
Last modified:
03/02/2022
Description
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:tsxmcpc002m_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:tsxmcpc002m:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:tsxmcpc512k_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:tsxmcpc512k:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:tsxmfpp001m_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:tsxmfpp001m:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:tsxmfpp002m_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:tsxmfpp002m:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:tsxmfpp004m_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:tsxmfpp004m:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:tsxmfpp512k_firmware:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page