PT-2019-5203 · Schneider Electric · Modicon M580+3

Published: 2019-12-10 · Updated: 2022-01-31 · CVE-2019-6855

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

EcoStruxure Control Expert versions prior to 14.1 Hot Fix
Unity Pro: all versions (no fixed version specified)
Modicon M340 versions prior to V3.20
Modicon M580 versions prior to V3.10

Description

The issue is related to inadequate access control in the EcoStruxure Control Expert software, which could allow a remote attacker to bypass the authentication process between EcoStruxure Control Expert and the controllers. This could potentially lead to unauthorized access.

Recommendations

For EcoStruxure Control Expert versions prior to 14.1 Hot Fix, update to version 14.1 Hot Fix or later.
For Unity Pro, all versions are affected and no fixed version is specified; at the moment there is no information about a newer version that contains a fix for this vulnerability.
For Modicon M340 versions prior to V3.20, update to version V3.20 or later.
For Modicon M580 versions prior to V3.10, update to version V3.10 or later.

Weakness Enumeration

Incorrect Authorization
Improper Authorization

Related Identifiers

BDU:2020-01897
CVE-2019-6855

Affected Products

EcoStruxure Control Expert
Modicon M340
Modicon M580
Unity Pro