PT-2019-3848 · Schneider Electric · Modicon Bmenoc 0311+2
Published
2019-10-08
·
Updated
2019-11-01
·
CVE-2019-6850
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Modicon M580 versions (affected versions not specified)
Modicon BMENOC 0311 versions (affected versions not specified)
Modicon BMENOC 0321 versions (affected versions not specified)
Description
The issue is related to the use of REST API read register commands in the controller's firmware. It may allow a remote attacker to expose protected information. The vulnerability could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module.
Recommendations
For Modicon M580, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Modicon BMENOC 0311, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Modicon BMENOC 0321, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Modicon Bmenoc 0311
Modicon Bmenoc 0321
Modicon M580