Vulnetix
Try Vulnetix Request Demo
CVE-2019-6850 PUBLISHED CVSS 7.5 HIGH

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module.

EPSS 0.32% · 55.1th percentile

Risk Scores

CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.32%
55.1th percentile

Affected Products

VendorProductVersions
n/aModicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321
schneider-electricmodicon_bmenoc_0321_firmware
schneider-electricmodicon_m580_firmware
schneider-electricmodicon_bmenoc_0311_firmware

Timeline

References

Open in Interactive Console →