CVE-2019-6849
HIGHModicon M580,BMENOC 0311,BMENOC 0321 - Info Disclosure
Title source: llmDescription
A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04
Scores
CVSS v3
7.5
EPSS
0.0032
EPSS Percentile
55.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (3)
schneider-electric/modicon_bmenoc_0311_firmware
schneider-electric/modicon_bmenoc_0321_firmware
schneider-electric/modicon_m580_firmware
Published
Oct 29, 2019
Tracked Since
Feb 18, 2026