← Volver a CVEs

CVE-2017-6028

CRITICAL

9.8

Descripcion

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application.

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado6/30/2017

Ultima modificacion4/20/2025

Fuentenvd

Avistamientos honeypot0

Productos afectados

schneider-electric:modicon_m241schneider-electric:modicon_m241_firmwareschneider-electric:modicon_m251schneider-electric:modicon_m251_firmware

Debilidades (CWE)

CWE-522CWE-522

Referencias

http://www.securityfocus.com/bid/97254(ics-cert@hq.dhs.gov)

https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02(ics-cert@hq.dhs.gov)

http://www.securityfocus.com/bid/97254(af854a3a-2127-422b-91ae-364da2661108)

https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.