CVE-2019-6851

moderate-risk
Published 2019-10-29

A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol.

Do I need to act?

-
0.44% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Tsxmcpc002M Firmware
Tsxmcpc512K Firmware
Tsxmfpp001M Firmware
Tsxmfpp002M Firmware
Tsxmfpp004M Firmware
Tsxmfpp512K Firmware
Tsxmrpc001M Firmware
Tsxmrpc002M Firmware
Tsxmrpc003M Firmware
Tsxmrpc007M Firmware
Tsxmrpc01M7 Firmware
Tsxmrpc768K Firmware
Tsxmrpf004M Firmware
Tsxmrpf008M Firmware
Tsxmfp0128P2 Firmware
Tsxmfp064P2 Firmware
Tsxmfpp224K Firmware
Tsxmfpp384K Firmware

Affected Vendors

Schneider-Electric

References (2)

Vendor Advisory https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01
Vendor Advisory https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01
49
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 21/34 · High