CVE-2019-6845

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
schneiderCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
schneider-electricmodicon_m580_firmware
*
schneider-electricmodicon_m340_firmware
*
schneider-electrictsxmcpc002m_firmware
*
schneider-electrictsxmcpc512k_firmware
*
schneider-electrictsxmfpp001m_firmware
*
schneider-electrictsxmfpp002m_firmware
*
schneider-electrictsxmfpp004m_firmware
*
schneider-electrictsxmfpp512k_firmware
*
schneider-electrictsxmrpc001m_firmware
*
schneider-electrictsxmrpc002m_firmware
*
schneider-electrictsxmrpc003m_firmware
*
schneider-electrictsxmrpc007m_firmware
*
schneider-electrictsxmrpc01m7_firmware
*
schneider-electrictsxmrpc768k_firmware
*
schneider-electrictsxmrpf004m_firmware
*
schneider-electrictsxmrpf008m_firmware
*
schneider-electrictsxmcpc002m_firmware
*
schneider-electrictsxmcpc512k_firmware
*
schneider-electrictsxmfp0128p2_firmware
*
schneider-electrictsxmfp064p2_firmware
*
schneider-electrictsxmfpp001m_firmware
*
schneider-electrictsxmfpp002m_firmware
*
schneider-electrictsxmfpp004m_firmware
*
schneider-electrictsxmfpp224k_firmware
*
schneider-electrictsxmfpp384k_firmware
*
schneider-electrictsxmfpp512k_firmware
*
schneider-electrictsxmrpc001m_firmware
*
schneider-electrictsxmrpc002m_firmware
*
schneider-electrictsxmrpc003m_firmware
*
schneider-electrictsxmrpc007m_firmware
*
schneider-electrictsxmrpc01m7_firmware
*
schneider-electrictsxmrpc448k_firmware
*
schneider-electrictsxmrpc768k_firmware
*
schneider-electrictsxmrpf004m_firmware
*
schneider-electrictsxmrpf008m_firmware
*
schneider-electrictsxmrpp224k_firmware
*
schneider-electrictsxmrpp384k_firmware
*
𝑥
= Vulnerable software versions