Details of VAR-201706-0457

ID

VAR-201706-0457

CVE

CVE-2017-6028

TITLE

Schneider Electric Modicon PLC Modicon M241 and M251 Firmware vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2017-005288

DESCRIPTION

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application. Schneider Electric Modicon PLC Modicon M241 and M251 The firmware contains a vulnerability related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider-Electric Modicon M251 and others are programmable controller products from Schneider Electric. Security vulnerabilities exist in several Schneider Electric Modicon products. Successfully exploiting these issues may allow attackers to obtain sensitive information or perform unauthorized actions. This may lead to other attacks

Trust: 2.79

sources: NVD: CVE-2017-6028 // JVNDB: JVNDB-2017-005288 // CNVD: CNVD-2017-09898 // BID: 97254 // IVD: b9eec958-8ae9-4302-889d-7ed13e29deaa // VULHUB: VHN-114231 // VULMON: CVE-2017-6028

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: b9eec958-8ae9-4302-889d-7ed13e29deaa // CNVD: CNVD-2017-09898

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modicon m251	scope:	lte	version:	4.0.3.20	Trust: 1.0
vendor:	schneider electric	model:	modicon m241	scope:	lte	version:	4.0.3.20	Trust: 1.0
vendor:	schneider electric	model:	modicon m241	scope:	lt	version:	4.0.3.20	Trust: 0.8
vendor:	schneider electric	model:	modicon m251	scope:	lt	version:	4.0.3.20	Trust: 0.8
vendor:	schneider	model:	electric modicon m251	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon m241	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon m221	scope:	-	version:	-	Trust: 0.6
vendor:	schneider electric	model:	modicon m241	scope:	eq	version:	4.0.3.20	Trust: 0.6
vendor:	schneider electric	model:	modicon m251	scope:	eq	version:	4.0.3.20	Trust: 0.6
vendor:	schneider electric	model:	modicon m251	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	modicon m241	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	modicon m221	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	modicon m251	scope:	ne	version:	4.0.5.11	Trust: 0.3
vendor:	schneider electric	model:	modicon m241	scope:	ne	version:	4.0.5.11	Trust: 0.3
vendor:	schneider electric	model:	modicon m221	scope:	ne	version:	1.5.0.0	Trust: 0.3
vendor:	modicon m241	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	modicon m251	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: b9eec958-8ae9-4302-889d-7ed13e29deaa // CNVD: CNVD-2017-09898 // BID: 97254 // JVNDB: JVNDB-2017-005288 // CNNVD: CNNVD-201702-584 // NVD: CVE-2017-6028

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6028
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-6028
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-09898
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201702-584
value:	CRITICAL
Trust: 0.6
IVD:	b9eec958-8ae9-4302-889d-7ed13e29deaa
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-114231
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-6028
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6028
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-09898
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	b9eec958-8ae9-4302-889d-7ed13e29deaa
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-114231
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6028
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2017-6028
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: b9eec958-8ae9-4302-889d-7ed13e29deaa // CNVD: CNVD-2017-09898 // VULHUB: VHN-114231 // VULMON: CVE-2017-6028 // JVNDB: JVNDB-2017-005288 // CNNVD: CNNVD-201702-584 // NVD: CVE-2017-6028

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-255	Trust: 0.9

sources: VULHUB: VHN-114231 // JVNDB: JVNDB-2017-005288 // NVD: CVE-2017-6028

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-584

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201702-584

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005288

PATCH

title:	SEVD-2017-075-03	url:	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-075-03	Trust: 0.8
title:	Patches for multiple Schneider Electric Modicon products	url:	https://www.cnvd.org.cn/patchInfo/show/95626	Trust: 0.6
title:	Fortinet Security Advisories: Fortinet Discovers Schneider Electric Modicon Insecure Credential Transmission Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=FG-VD-20-102	Trust: 0.1
title:	CVE-2017-6028	url:	https://github.com/AlAIAL90/CVE-2017-6028	Trust: 0.1

sources: CNVD: CNVD-2017-09898 // VULMON: CVE-2017-6028 // JVNDB: JVNDB-2017-005288

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6028	Trust: 3.7
db:	ICS CERT	id:	ICSA-17-089-02	Trust: 2.9
db:	BID	id:	97254	Trust: 2.7
db:	CNNVD	id:	CNNVD-201702-584	Trust: 0.9
db:	CNVD	id:	CNVD-2017-09898	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-005288	Trust: 0.8
db:	IVD	id:	B9EEC958-8AE9-4302-889D-7ED13E29DEAA	Trust: 0.2
db:	VULHUB	id:	VHN-114231	Trust: 0.1
db:	VULMON	id:	CVE-2017-6028	Trust: 0.1

sources: IVD: b9eec958-8ae9-4302-889d-7ed13e29deaa // CNVD: CNVD-2017-09898 // VULHUB: VHN-114231 // VULMON: CVE-2017-6028 // BID: 97254 // JVNDB: JVNDB-2017-005288 // CNNVD: CNNVD-201702-584 // NVD: CVE-2017-6028

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-089-02	Trust: 3.0
url:	http://www.securityfocus.com/bid/97254	Trust: 2.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6028	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6028	Trust: 0.8
url:	http://www.schneider-electric.com/products/ww/en/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/522.html	Trust: 0.1
url:	https://github.com/alaial90/cve-2017-6028	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=53312	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2017-09898 // VULHUB: VHN-114231 // VULMON: CVE-2017-6028 // BID: 97254 // JVNDB: JVNDB-2017-005288 // CNNVD: CNNVD-201702-584 // NVD: CVE-2017-6028

CREDITS

David Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc

Trust: 0.3

sources: BID: 97254

SOURCES

db:	IVD	id:	b9eec958-8ae9-4302-889d-7ed13e29deaa
db:	CNVD	id:	CNVD-2017-09898
db:	VULHUB	id:	VHN-114231
db:	VULMON	id:	CVE-2017-6028
db:	BID	id:	97254
db:	JVNDB	id:	JVNDB-2017-005288
db:	CNNVD	id:	CNNVD-201702-584
db:	NVD	id:	CVE-2017-6028

LAST UPDATE DATE

2025-04-20T23:16:07.305000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-09898	date:	2017-06-16T00:00:00
db:	VULHUB	id:	VHN-114231	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2017-6028	date:	2021-08-26T00:00:00
db:	BID	id:	97254	date:	2017-04-04T00:02:00
db:	JVNDB	id:	JVNDB-2017-005288	date:	2017-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201702-584	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2017-6028	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	b9eec958-8ae9-4302-889d-7ed13e29deaa	date:	2017-06-16T00:00:00
db:	CNVD	id:	CNVD-2017-09898	date:	2017-06-16T00:00:00
db:	VULHUB	id:	VHN-114231	date:	2017-06-30T00:00:00
db:	VULMON	id:	CVE-2017-6028	date:	2017-06-30T00:00:00
db:	BID	id:	97254	date:	2017-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2017-005288	date:	2017-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201702-584	date:	2017-02-17T00:00:00
db:	NVD	id:	CVE-2017-6028	date:	2017-06-30T03:29:00.360