CVE-2019-6855
moderate-risk
Published 2020-01-06
An Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.
Do I need to act?
- 0.19% chance of exploitation (EPSS score: low exploit probability)
- Not on CISA KEV list (no confirmed active exploitation reported to CISA)
- Patch status unknown (check vendor advisories for fix availability and mitigation guidance)
CVSS 7.3/10 · High
NETWORK / LOW complexity
Affected Products (20)
Unity Pro
Modicon M580 Bmep584040 Firmware
Modicon M580 Bmeh584040 Firmware
Modicon M580 Bmep586040 Firmware
Modicon M580 Bmeh586040 Firmware
Modicon M580 Bmep581020 Firmware
Modicon M580 Bmep582020 Firmware
Modicon M580 Bmep582040 Firmware
Modicon M580 Bmep583020 Firmware
Modicon M580 Bmep583040 Firmware
Modicon M580 Bmep584020 Firmware
Modicon M580 Bmep585040 Firmware
Modicon M580 Bmeh582040 Firmware
Modicon M580 Bmep584040S Firmware
Modicon M580 Bmeh584040S Firmware
Modicon M580 Bmeh586040S Firmware
Modicon M580 Bmep582040S Firmware
Affected Vendors
References (2)
Vendor Advisory
https://www.se.com/ww/en/download/document/SEVD-2019-344-02/
Vendor Advisory
https://www.se.com/ww/en/download/document/SEVD-2019-344-02/
48 / 100 · moderate-risk
Severity: 26/34 · High
Exploitability: 1/34 · Minimal
Exposure: 21/34 · High