CVE-2019-6846

Name of the Vulnerable Software and Affected Versions Modicon M580 (all firmware versions) Modicon M340 (all firmware versions) Modicon BMxCRA (all firmware versions) Modicon 140CRA (all firmware versions)

Description The issue is related to the transmission of sensitive information in plaintext using the FTP protocol, which could allow a remote attacker to disclose protected information.

Recommendations For Modicon M580, consider disabling the FTP protocol until a secure alternative is implemented. For Modicon M340, restrict access to the FTP service to minimize the risk of information disclosure. For Modicon BMxCRA and 140CRA modules, avoid using the FTP protocol for transmitting sensitive information until a patch or secure configuration is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.