← back
CVE-2019-6855

CVE-2019-6855

EPSS 1.0%CWE-863
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
06 Jan 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.
Affected products
n/a · EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.se.com/ww/en/download/document/SEVD-2019-344-02/