Description
A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.se.com/ww/en/download/document/SEVD-2019-316-02
Scores
CVSS v3
7.5
EPSS
0.0034
EPSS Percentile
57.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-798
Status
published
Products (10)
schneider-electric/140_cpu6x_firmware
schneider-electric/140_noc_77101_firmware
schneider-electric/140_noc_78x00_firmware
schneider-electric/140_noe_771x1_firmware
schneider-electric/bmx_noc_0401_firmware
schneider-electric/bmx_noe_0100_firmware
schneider-electric/bmx_noe_0110_firmware
schneider-electric/bmx_p34x_firmware
schneider-electric/tsx_ety_x103_firmware
schneider-electric/tsx_p57x_firmware
Published
Apr 22, 2020
Tracked Since
Feb 18, 2026