CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-6028

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 5.0

References

Products affected by CVE-2017-6028

Schneider-Electric » Modicon M241 » Version: N/A

cpe:2.3:h:schneider-electric:modicon_m241:-
Schneider-Electric » Modicon M251 » Version: N/A

cpe:2.3:h:schneider-electric:modicon_m251:-
Schneider-Electric » Modicon M241 Firmware » Version: N/A

cpe:2.3:o:schneider-electric:modicon_m241_firmware:-
Schneider-Electric » Modicon M241 Firmware » Version: 4.0.3.20

cpe:2.3:o:schneider-electric:modicon_m241_firmware:4.0.3.20
Schneider-Electric » Modicon M251 Firmware » Version: N/A

cpe:2.3:o:schneider-electric:modicon_m251_firmware:-
Schneider-Electric » Modicon M251 Firmware » Version: 4.0.3.20

cpe:2.3:o:schneider-electric:modicon_m251_firmware:4.0.3.20

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-6028

Products

Pricing

Contact Us