PT-2019-18376 · Schneider Electric · Modicon Premium+3
Published
2019-10-29
·
Updated
2022-02-03
·
CVE-2019-6851
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Modicon M580 (all firmware versions)
Modicon M340 (all firmware versions)
Modicon Premium (all firmware versions)
Modicon Quantum (all firmware versions)
Description
A File and Directory Information Exposure issue exists, which could cause the disclosure of information from the controller when using the TFTP protocol.
Recommendations
For Modicon M580, consider disabling the use of the TFTP protocol until a fix is available.
For Modicon M340, consider disabling the use of the TFTP protocol until a fix is available.
For Modicon Premium, consider disabling the use of the TFTP protocol until a fix is available.
For Modicon Quantum, consider disabling the use of the TFTP protocol until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Modicon M340
Modicon M580
Modicon Premium
Modicon Quantum