← back
CVE-2019-6849

CVE-2019-6849

EPSS 1.7%CWE-200
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
29 Oct 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module.
Affected products
n/a · Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04