← Voltar para CVEs

CVE-2017-6028

CRITICAL

9.8

Descricao

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado6/30/2017

Ultima modificacao4/20/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

schneider-electric:modicon_m241schneider-electric:modicon_m241_firmwareschneider-electric:modicon_m251schneider-electric:modicon_m251_firmware

Fraquezas (CWE)

CWE-522CWE-522

Referencias

http://www.securityfocus.com/bid/97254(ics-cert@hq.dhs.gov)

https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02(ics-cert@hq.dhs.gov)

http://www.securityfocus.com/bid/97254(af854a3a-2127-422b-91ae-364da2661108)

https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.