CVE-2019-6855

Name: CVE-2019-6855
Creator: NVD / NIST
Published: 2020-01-06T23:15:11.237+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.3/10EPSS 0.95%

Last modified Jun 17, 2026

CVE-2019-6855 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.. EPSS estimates a 0.95% chance of exploitation in the next 30 days.

Description

Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.

Metrics

CVSS 3.1

7.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Probability

0.95%

56.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Schneider-Electric	Ecostruxure Control Expert	< 14.1
Schneider-Electric	Ecostruxure Control Expert	14.1
Schneider-Electric	Unity Pro	All versions
Schneider-Electric	Modicon M580 Bmep584040 Firmware	< 3.10
Schneider-Electric	Modicon M580 Bmeh584040 Firmware	< 3.10
Schneider-Electric	Modicon M580 Bmep586040 Firmware	< 3.10
Schneider-Electric	Modicon M580 Bmeh586040 Firmware	< 3.10
Schneider-Electric	Modicon M580 Bmep581020 Firmware	< 3.10
Schneider-Electric	Modicon M580 Bmep582020 Firmware	< 3.10
Schneider-Electric	Modicon M580 Bmep582040 Firmware	< 3.10
Schneider-Electric	Modicon M580 Bmep583020 Firmware	< 3.10
Schneider-Electric	Modicon M580 Bmep583040 Firmware	< 3.10
Schneider-Electric	Modicon M580 Bmep584020 Firmware	< 3.10
Schneider-Electric	Modicon M580 Bmep585040 Firmware	< 3.10
Schneider-Electric	Modicon M580 Bmeh582040 Firmware	< 3.10
Schneider-Electric	Modicon M580 Bmep584040s Firmware	< 3.10
Schneider-Electric	Modicon M580 Bmeh584040s Firmware	< 3.10
Schneider-Electric	Modicon M580 Bmeh586040s Firmware	< 3.10
Schneider-Electric	Modicon M580 Bmep582040s Firmware	< 3.10
Schneider-Electric	Modicon M340 Bmxp3420302 Firmware	< 3.20
Schneider-Electric	Modicon M340 Bmxp342020 Firmware	< 3.20
Schneider-Electric	Modicon M340 Bmxp342000 Firmware	< 3.20
Schneider-Electric	Modicon M340 Bmxp341000 Firmware	< 3.20
Schneider-Electric	Modicon M340 Bmxp3420102 Firmware	< 3.20

References

https://www.se.com/ww/en/download/document/SEVD-2019-344-02/Vendor Advisory
https://www.se.com/ww/en/download/document/SEVD-2019-344-02/Vendor Advisory

Timeline

Published: Jan 6, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-6855?

How severe is CVE-2019-6855?

CVE-2019-6855 has a CVSS score of 7.3/10 (HIGH severity). The EPSS model estimates a 0.95% probability of exploitation in the next 30 days.

How do I fix CVE-2019-6855?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-6855?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST