ByteOS Network

NVD Vulnerability Details :

CVE-2017-6028

Deferred

Source-ics-cert@hq.dhs.gov

Published At-30 Jun, 2017 | 03:29

Updated At-20 Apr, 2025 | 01:37

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

Schneider Electric SE

>>modicon_m241_firmware>>Versions up to 4.0.3.20(inclusive)

cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m241>>-

cpe:2.3:h:schneider-electric:modicon_m241:-:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m251_firmware>>Versions up to 4.0.3.20(inclusive)

cpe:2.3:o:schneider-electric:modicon_m251_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>modicon_m251>>-

cpe:2.3:h:schneider-electric:modicon_m251:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-522	Secondary	ics-cert@hq.dhs.gov
CWE-522	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/97254	ics-cert@hq.dhs.gov	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02	ics-cert@hq.dhs.gov	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/97254	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory US Government Resource

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History