← Zuruck zu CVEs

CVE-2017-6028

CRITICAL

9.8

Beschreibung

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht6/30/2017

Zuletzt geandert4/20/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

schneider-electric:modicon_m241schneider-electric:modicon_m241_firmwareschneider-electric:modicon_m251schneider-electric:modicon_m251_firmware

Schwachen (CWE)

CWE-522CWE-522

Referenzen

http://www.securityfocus.com/bid/97254(ics-cert@hq.dhs.gov)

https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02(ics-cert@hq.dhs.gov)

http://www.securityfocus.com/bid/97254(af854a3a-2127-422b-91ae-364da2661108)

https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.