CVE-2019-6851
published 2019-10-29CVE-2019-6851: A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware…
PriorityP353high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
29.89%
98.0th percentile
A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| the_openjpeg_project | openjpeg2 | >= 0 < 2.1.2-1.1+deb9u5build0.16.04.1 | 2.1.2-1.1+deb9u5build0.16.04.1 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6j7h-88x9-v95m: A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware
ghsa_unreviewed·2022-05-24
CVE-2019-6851 [MEDIUM] CWE-200 GHSA-6j7h-88x9-v95m: A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware
A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol.
OSV
OpenJPEG vulnerabilities
osv·2020-09-15·CVSS 7.5
CVE-2016-9112 OpenJPEG vulnerabilities
OpenJPEG vulnerabilities
It was discovered that OpenJPEG incorrectly handled certain image files. A
remote attacker could possibly use this issue to cause a denial of service.
(CVE-2016-9112)
It was discovered that OpenJPEG did not properly handle certain input. If
OpenJPEG were supplied with specially crafted input, it could be made to crash
or potentially execute arbitrary code.
(CVE-2018-20847, CVE-2018-21010, CVE-2020-6851, CVE-2020-8112, CVE-2020-15389)
It was discovered that OpenJPEG incorrectly handled certain BMP files. A
remote attacker could possibly use this issue to cause a denial of service.
(CVE-2019-12973)
No detection rules found.
No public exploits indexed.
arXiv
The Global State of Security in Industrial Control Systems: An Empirical Analysis of Vulnerabilities around the World
arxiv_fulltext·2021-11-27
The Global State of Security in Industrial Control Systems: An Empirical Analysis of Vulnerabilities around the World
The Global State of Security in Industrial Control Systems: An Empirical Analysis of Vulnerabilities around the World
Simon Daniel Duque Anton,
Daniel Fraunholz,
Daniel Krohmer,
Daniel Reti,
Daniel Schneider,
and Hans Dieter Schotten
This is a pre-print of a paper published in the IEEE Internet of Things Journal.
Please cite as: SD Duque Anton, D Fraunholz, D Krohmer, D Reti, D Schneider, and HD Schotten: The Global State of Security in Industrial Control Systems: An Empirical Analysis of Vulnerabilites around the World, IEEE Internet of Things Journal, May 2021
S. D. Duque Anton was with the German Research Center for Artificial Intelligence. He is now with the comlet Verteilte Systeme GmbH and with the University of Kaiserslautern.
D. Reti, D. Schneider and H. D. Schotten are with the G
Talos
Vulnerability spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580
blogs_talos·2019-10-08·CVSS 4.9
[MEDIUM] Vulnerability spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580
Jared Rittle and Patrick DeSantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
There are several vulnerabilities in the Schneider Electric Modicon M580 that could lead to a variety of conditions, the majority of which can cause a denial of service. The Modicon M580 is the latest in
Schneider Electric's Modicon line of programmable automation controllers. The majority of the bugs we will discuss exist in the Modicon's use of FTP.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Schneider Electric to ensure that these issues are resolved and that an update is available for affected customers. Talos previously disclosed a separate round of vulnerabilities in this product in June.
### Vulnerability details
Schneider Electric Modicon M58
Talos
Vulnerability spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580
blogs_talos·2019-10-08·CVSS 4.9
[MEDIUM] Vulnerability spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580
## Vulnerability spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580
Jared Rittle and Patrick DeSantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. There are several vulnerabilities in the Schneider Electric Modicon M580 that could lead to a variety of conditions, the majority of which can cause a denial of service. The Modicon M580 is the latest in
Schneider Electric's Modicon line of programmable automation controllers. The majority of the bugs we will discuss exist in the Modicon's use of FTP.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Schneider Electric to ensure that these issues are resolved and that an update is available for affected customers. Talos previously disclosed a separate round of vulnerabil
2019-10-29
Published