CVE-2019-6859

Name of the Vulnerable Software and Affected Versions Modicon Controllers versions prior to the fixed version

Description The issue is related to the presence of hardcoded credentials used for transmitting configuration files to Modicon Controllers equipment. This could allow a remote attacker to execute arbitrary commands on the equipment. The vulnerability may cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.

Recommendations For Modicon Controllers versions prior to the fixed version, consider disabling the use of hardcoded credentials for FTP transmissions until a patch is available. Restrict access to the Web server of the controller when it is used on an unsecure network to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.