PT-2019-3857 · Schneider Electric · Modicon M340+3
Published: 2019-10-08 · Updated: 2022-02-03 · CVE-2019-6845
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Modicon M580 (all firmware versions)
Modicon M340 (all firmware versions)
Modicon Premium (all firmware versions)
Modicon Quantum (all firmware versions)
Description
A Cleartext Transmission of Sensitive Information issue exists, which could cause the disclosure of information when transferring applications to the controller using the Modbus TCP protocol. This could allow a remote attacker to reveal protected information.
Recommendations
For Modicon M580, consider disabling the Modbus TCP protocol until a fix is available.
For Modicon M340, restrict access to the controller when transferring applications to minimize the risk of exploitation.
For Modicon Premium, avoid using the Modbus TCP protocol for sensitive information transfer until the issue is resolved.
For Modicon Quantum, as a temporary workaround, consider using alternative protocols for transferring applications to the controller until a patch is available.
Fix
Cleartext Transmission of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Modicon M340
Modicon M580
Modicon Premium
Modicon Quantum