CVE-2019-6850

{"id": "CVE-2019-6850", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-10-29T19:15:22.487", "references": [{"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module."}, {"lang": "es", "value": "Una CWE-200: Existe una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en Modicon M580, Modicon BMENOC 0311 y Modicon BMENOC 0321, lo que podr\u00eda causar la divulgaci\u00f3n de informaci\u00f3n confidencial cuando se leen registros espec\u00edficos con la API REST del m\u00f3dulo controlador y de comunicaci\u00f3n."}], "lastModified": "2019-11-01T13:44:43.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21CD1BE7-A4EC-4F24-AF27-18FE74D3B3D4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_bmenoc_0311_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "198E2FA8-C256-488A-B708-94FA10715459"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_bmenoc_0311:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F9765691-FAFF-4187-A162-FCE25720C181"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_bmenoc_0321_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EB1E46D-5A3F-4757-9147-465A63C12B61"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_bmenoc_0321:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D6F92B09-1AF6-4EE5-BD09-2441B66F51C5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@se.com"}