Intrusion Prevention

SE.Modicon.M580.UMAS.readbolarray.Information.Disclosure

Description

This indicates an attack attempt to exploit an Information Disclosure vulnerability in Schneider Electric Modicon M580 UMAS.
An unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable device. Successful exploitation causes the device to return blocks of program memory, resulting in the disclosure of sensitive project information.

Affected Products

Schneider Electric Modicon M580 BMEP582040 SV2.80

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.schneider-electric.com/en/download/document/SEVD-2019-281-04/

CVE References

CVE-2019-6850