CVE-2019-6852

CVE-2019-6852

Vendor Schneider Electric

Product Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions)

Weakness CWE-200 · Info exposure

Published November 20, 2019

Last update May 28, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.

Key dates

02Disclosure timeline

November 20, 2019 CVE published

May 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-6852 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

Identifiers

CVE CVE-2019-6852

CWE CWE-200

Affected versions

Vendor Schneider Electric

Affected Modicon Controllers (M340 CPUs

Vendor Schneider Electric

Affected M340 communication modules

Vendor Schneider Electric

Affected Premium CPUs

Vendor Schneider Electric

Affected Premium communication modules

Vendor Schneider Electric

Affected Quantum CPUs

Vendor Schneider Electric

Affected Quantum communication modules - see security notification for specific versions)

01Description

02Disclosure timeline

03References

04Related CVE