CVE-2019-6849

Name of the Vulnerable Software and Affected Versions Modicon M580 (affected versions not specified) Modicon BMENOC 0311 (affected versions not specified) Modicon BMENOC 0321 (affected versions not specified)

Description A vulnerability exists that could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module. The issue is related to the use of the Modbus service provided by the REST API, which can allow a remote attacker to expose protected information.

Recommendations For Modicon M580, consider restricting access to the Modbus services provided by the REST API until a fix is available. For Modicon BMENOC 0311, avoid using the Modbus service in the REST API to minimize the risk of exploitation. For Modicon BMENOC 0321, as a temporary workaround, consider disabling the use of specific Modbus services provided by the REST API until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.