ID

VAR-201905-0042


CVE

CVE-2019-6806


TITLE

Information disclosure vulnerability in multiple Modicon products

Trust: 0.8

sources: JVNDB: JVNDB-2019-004753

DESCRIPTION

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium, which could cause the disclosure of SNMP information when reading variables in the controller using Modbus. Multiple Modicon products contain an information disclosure vulnerability. Information may be obtained. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. This vulnerability stems from configuration errors in network systems or products during operation. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions).

Trust: 2.43

sources: NVD: CVE-2019-6806 // JVNDB: JVNDB-2019-004753 // CNVD: CNVD-2019-15331 // IVD: 262ff5a7-e7f0-4962-8aee-f3602ad478ed // VULHUB: VHN-158241

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 262ff5a7-e7f0-4962-8aee-f3602ad478ed // CNVD: CNVD-2019-15331

AFFECTED PRODUCTS

vendor: schneider electric, model: modicon quantum, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: modicon premium, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: modicon m340, scope: lt, version: 3.10

Trust: 1.0

vendor: schneider electric, model: modicon m580, scope: lt, version: 2.90

Trust: 1.0

vendor: schneider electric, model: modicon m340, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon m580, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon premium plc, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon quantum plc, scope: -, version: -

Trust: 0.8

vendor: schneider, model: electric modicon m340, scope: -, version: -

Trust: 0.6

vendor: schneider, model: electric modicon premium, scope: -, version: -

Trust: 0.6

vendor: schneider, model: electric modicon quantum, scope: -, version: -

Trust: 0.6

vendor: schneider, model: electric modicon m580, scope: -, version: -

Trust: 0.6

vendor: modicon premium, model: -, scope: eq, version: -

Trust: 0.2

vendor: modicon quantum, model: -, scope: eq, version: -

Trust: 0.2

vendor: modicon m340, model: -, scope: eq, version: *

Trust: 0.2

vendor: modicon m580, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 262ff5a7-e7f0-4962-8aee-f3602ad478ed // CNVD: CNVD-2019-15331 // JVNDB: JVNDB-2019-004753 // NVD: CVE-2019-6806

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6806
value: HIGH

Trust: 1.0

NVD: CVE-2019-6806
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-15331
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-943
value: HIGH

Trust: 0.6

IVD: 262ff5a7-e7f0-4962-8aee-f3602ad478ed
value: HIGH

Trust: 0.2

VULHUB: VHN-158241
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6806
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-15331
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 262ff5a7-e7f0-4962-8aee-f3602ad478ed
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-158241
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6806
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-6806
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 262ff5a7-e7f0-4962-8aee-f3602ad478ed // CNVD: CNVD-2019-15331 // VULHUB: VHN-158241 // JVNDB: JVNDB-2019-004753 // CNNVD: CNNVD-201905-943 // NVD: CVE-2019-6806

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-200

Trust: 0.9

sources: VULHUB: VHN-158241 // JVNDB: JVNDB-2019-004753 // NVD: CVE-2019-6806

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-943

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201905-943

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004753

PATCH

title: SEVD-2019-134-11, url: https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/

Trust: 0.8

sources: JVNDB: JVNDB-2019-004753

EXTERNAL IDS

db: NVD, id: CVE-2019-6806

Trust: 3.3

db: SCHNEIDER, id: SEVD-2019-134-11

Trust: 2.3

db: TALOS, id: TALOS-2019-0769

Trust: 1.7

db: CNNVD, id: CNNVD-201905-943

Trust: 0.9

db: CNVD, id: CNVD-2019-15331

Trust: 0.8

db: JVNDB, id: JVNDB-2019-004753

Trust: 0.8

db: IVD, id: 262FF5A7-E7F0-4962-8AEE-F3602AD478ED

Trust: 0.2

db: VULHUB, id: VHN-158241

Trust: 0.1

sources: IVD: 262ff5a7-e7f0-4962-8aee-f3602ad478ed // CNVD: CNVD-2019-15331 // VULHUB: VHN-158241 // JVNDB: JVNDB-2019-004753 // CNNVD: CNNVD-201905-943 // NVD: CVE-2019-6806

REFERENCES

url: https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/

Trust: 2.3

url: https://www.talosintelligence.com/vulnerability_reports/talos-2019-0769

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-6806

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6806

Trust: 0.8

url: https://web.nvd.nist.gov//vuln/detail/cve-2019-6806

Trust: 0.6

url: https://talosintelligence.com/vulnerability_reports/talos-2019-0769

Trust: 0.6

sources: CNVD: CNVD-2019-15331 // VULHUB: VHN-158241 // JVNDB: JVNDB-2019-004753 // CNNVD: CNNVD-201905-943 // NVD: CVE-2019-6806

CREDITS

Discovered by Jared Rittle of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-201905-943

SOURCES

db: IVD, id: 262ff5a7-e7f0-4962-8aee-f3602ad478ed
db: CNVD, id: CNVD-2019-15331
db: VULHUB, id: VHN-158241
db: JVNDB, id: JVNDB-2019-004753
db: CNNVD, id: CNNVD-201905-943
db: NVD, id: CVE-2019-6806

LAST UPDATE DATE

2024-11-23T21:52:12.462000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-15331, date: 2019-05-24T00:00:00
db: VULHUB, id: VHN-158241, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-004753, date: 2019-06-07T00:00:00
db: CNNVD, id: CNNVD-201905-943, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2019-6806, date: 2024-11-21T04:47:11.773

SOURCES RELEASE DATE

db: IVD, id: 262ff5a7-e7f0-4962-8aee-f3602ad478ed, date: 2019-05-24T00:00:00
db: CNVD, id: CNVD-2019-15331, date: 2019-05-24T00:00:00
db: VULHUB, id: VHN-158241, date: 2019-05-22T00:00:00
db: JVNDB, id: JVNDB-2019-004753, date: 2019-06-07T00:00:00
db: CNNVD, id: CNNVD-201905-943, date: 2019-05-22T00:00:00
db: NVD, id: CVE-2019-6806, date: 2019-05-22T21:29:00.603