V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2019-6806
CVE
High

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premiu…

CVSS
7.5
High
EPSS
0.02
p81
Published
2019-01-01
Updated
2019-01-01
Description

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading variables in the controller using Modbus.

Tags · CWE
Pre-auth
Affected products
Modicon_m340_firmwareModicon_m580_firmwareModicon_premium_firmwareModicon_quantum_firmware
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Timeline
2019-01-01
Published
2019-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: N
None (N)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.023 · p81
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Schneider Electric
Modicon M340Modicon M580Modicon QuantumModicon PremiumModicon M580 FirmwareModicon M340 FirmwareModicon Quantum FirmwareModicon Premium Firmware
ProductVendorStatus
modicon_m340_firmware*Tracked
modicon_m580_firmware*Tracked
modicon_premium_firmware*Tracked
modicon_quantum_firmware*Tracked
Source databases
CVE
Related vulnerabilities
BDU:2019-02108