Details of VAR-201910-0583

ID

VAR-201910-0583

CVE

CVE-2019-6850

TITLE

plural Modicon Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-011423

DESCRIPTION

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module. Modicon M580 , Modicon BMENOC 0311 , Modicon BMENOC 0321 Contains an information disclosure vulnerability.Information may be obtained. Modicon M580 / BMENOC 0311 / BMENOC 0321 are all programmable logic controllers from Schneider Electric

Trust: 2.34

sources: NVD: CVE-2019-6850 // JVNDB: JVNDB-2019-011423 // CNVD: CNVD-2019-44957 // IVD: 048ec798-36a9-42af-963a-821950cd5c84

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 048ec798-36a9-42af-963a-821950cd5c84 // CNVD: CNVD-2019-44957

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modicon bmenoc 0311	scope:	eq	version:	-	Trust: 2.2
vendor:	schneider electric	model:	modicon m580	scope:	eq	version:	-	Trust: 2.2
vendor:	schneider electric	model:	modicon bmenoc 0321	scope:	eq	version:	-	Trust: 2.2
vendor:	schneider electric	model:	modicon bmenoc 0311	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon bmenoc 0321	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m580	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric modicon m580	scope:	-	version:	-	Trust: 0.6
vendor:	modicon m580	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	modicon bmenoc 0311	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	modicon bmenoc 0321	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 048ec798-36a9-42af-963a-821950cd5c84 // CNVD: CNVD-2019-44957 // JVNDB: JVNDB-2019-011423 // CNNVD: CNNVD-201910-409 // NVD: CVE-2019-6850

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6850
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-6850
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-44957
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201910-409
value:	HIGH
Trust: 0.6
IVD:	048ec798-36a9-42af-963a-821950cd5c84
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2019-6850
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-44957
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	048ec798-36a9-42af-963a-821950cd5c84
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2019-6850
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6850
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 048ec798-36a9-42af-963a-821950cd5c84 // CNVD: CNVD-2019-44957 // JVNDB: JVNDB-2019-011423 // CNNVD: CNNVD-201910-409 // NVD: CVE-2019-6850

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2019-011423 // NVD: CVE-2019-6850

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-409

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201910-409

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011423

PATCH

title:	SEVD-2019-281-04	url:	https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04	Trust: 0.8
title:	Patch for Schneider Electric Modicon M580 / BMENOC 0311 / BMENOC 0321 Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/193529	Trust: 0.6

sources: CNVD: CNVD-2019-44957 // JVNDB: JVNDB-2019-011423

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6850	Trust: 3.2
db:	SCHNEIDER	id:	SEVD-2019-281-04	Trust: 1.6
db:	CNVD	id:	CNVD-2019-44957	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-409	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-011423	Trust: 0.8
db:	TALOS	id:	TALOS-2019-0868	Trust: 0.6
db:	IVD	id:	048EC798-36A9-42AF-963A-821950CD5C84	Trust: 0.2

sources: IVD: 048ec798-36a9-42af-963a-821950cd5c84 // CNVD: CNVD-2019-44957 // JVNDB: JVNDB-2019-011423 // CNNVD: CNNVD-201910-409 // NVD: CVE-2019-6850

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-6850	Trust: 2.0
url:	https://www.schneider-electric.com/ww/en/download/document/sevd-2019-281-04	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6850	Trust: 0.8
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2019-0868	Trust: 0.6

sources: CNVD: CNVD-2019-44957 // JVNDB: JVNDB-2019-011423 // CNNVD: CNNVD-201910-409 // NVD: CVE-2019-6850

CREDITS

Discovered by Jared Rittle of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-201910-409

SOURCES

db:	IVD	id:	048ec798-36a9-42af-963a-821950cd5c84
db:	CNVD	id:	CNVD-2019-44957
db:	JVNDB	id:	JVNDB-2019-011423
db:	CNNVD	id:	CNNVD-201910-409
db:	NVD	id:	CVE-2019-6850

LAST UPDATE DATE

2024-11-23T22:21:25.712000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-44957	date:	2019-12-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-011423	date:	2019-11-07T00:00:00
db:	CNNVD	id:	CNNVD-201910-409	date:	2019-11-22T00:00:00
db:	NVD	id:	CVE-2019-6850	date:	2024-11-21T04:47:16.667

SOURCES RELEASE DATE

db:	IVD	id:	048ec798-36a9-42af-963a-821950cd5c84	date:	2019-12-11T00:00:00
db:	CNVD	id:	CNVD-2019-44957	date:	2019-12-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-011423	date:	2019-11-07T00:00:00
db:	CNNVD	id:	CNNVD-201910-409	date:	2019-10-08T00:00:00
db:	NVD	id:	CVE-2019-6850	date:	2019-10-29T19:15:22.487