Details of VAR-201706-0459

ID

VAR-201706-0459

CVE

CVE-2017-6032

TITLE

Schneider Electric Modicon PLC Multi-factor authentication bypass vulnerability

Trust: 0.8

sources: IVD: a2ad11b3-ca53-436e-80f3-47c4077e853c // CNVD: CNVD-2017-04917

DESCRIPTION

A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Schneider Electric Modicon PLC has a multi-factor authentication bypass vulnerability. Once the session key is transmitted in clear text, the attacker can replay the request and add arbitrary commands, including starting and stopping the PLC, and downloading its ladder diagram. An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Attackers can exploit this vulnerability to implement brute force attacks

Trust: 2.7

sources: NVD: CVE-2017-6032 // JVNDB: JVNDB-2017-005264 // CNVD: CNVD-2017-04917 // BID: 97562 // IVD: a2ad11b3-ca53-436e-80f3-47c4077e853c // VULHUB: VHN-114235

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: a2ad11b3-ca53-436e-80f3-47c4077e853c // CNVD: CNVD-2017-04917

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modbus	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	modbus	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric modicon plc	scope:	-	version:	-	Trust: 0.6
vendor:	schneider electric	model:	modicon modbus protocol	scope:	eq	version:	0	Trust: 0.3
vendor:	modbus	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: a2ad11b3-ca53-436e-80f3-47c4077e853c // CNVD: CNVD-2017-04917 // BID: 97562 // JVNDB: JVNDB-2017-005264 // CNNVD: CNNVD-201704-1003 // NVD: CVE-2017-6032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6032
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-6032
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-04917
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201704-1003
value:	MEDIUM
Trust: 0.6
IVD:	a2ad11b3-ca53-436e-80f3-47c4077e853c
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-114235
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6032
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-04917
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	a2ad11b3-ca53-436e-80f3-47c4077e853c
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-114235
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6032
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: IVD: a2ad11b3-ca53-436e-80f3-47c4077e853c // CNVD: CNVD-2017-04917 // VULHUB: VHN-114235 // JVNDB: JVNDB-2017-005264 // CNNVD: CNNVD-201704-1003 // NVD: CVE-2017-6032

PROBLEMTYPE DATA

problemtype:	CWE-358	Trust: 1.9
problemtype:	CWE-657	Trust: 1.0

sources: VULHUB: VHN-114235 // JVNDB: JVNDB-2017-005264 // NVD: CVE-2017-6032

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1003

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201704-1003

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005264

PATCH

title:	SEVD-2017-065-01	url:	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-065-01	Trust: 0.8
title:	Schneider Electric Modicon PLC Multi-Factor Authentication Bypass Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/92240	Trust: 0.6
title:	Schneider Electric Modicon Modbus Protocol Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70262	Trust: 0.6

sources: CNVD: CNVD-2017-04917 // JVNDB: JVNDB-2017-005264 // CNNVD: CNNVD-201704-1003

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6032	Trust: 3.6
db:	ICS CERT	id:	ICSA-17-101-01	Trust: 2.8
db:	BID	id:	97562	Trust: 2.6
db:	CNNVD	id:	CNNVD-201704-1003	Trust: 0.9
db:	CNVD	id:	CNVD-2017-04917	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-005264	Trust: 0.8
db:	IVD	id:	A2AD11B3-CA53-436E-80F3-47C4077E853C	Trust: 0.2
db:	VULHUB	id:	VHN-114235	Trust: 0.1

sources: IVD: a2ad11b3-ca53-436e-80f3-47c4077e853c // CNVD: CNVD-2017-04917 // VULHUB: VHN-114235 // BID: 97562 // JVNDB: JVNDB-2017-005264 // CNNVD: CNNVD-201704-1003 // NVD: CVE-2017-6032

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-101-01	Trust: 2.8
url:	http://www.securityfocus.com/bid/97562	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6032	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6032	Trust: 0.8
url:	http://securityaffairs.co/wordpress/57731/malware/clearenergy-ransomware-scada.html	Trust: 0.6
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.3

sources: CNVD: CNVD-2017-04917 // VULHUB: VHN-114235 // BID: 97562 // JVNDB: JVNDB-2017-005264 // CNNVD: CNNVD-201704-1003 // NVD: CVE-2017-6032

CREDITS

Eran Goldstein of CRITIFENCE

Trust: 0.9

sources: BID: 97562 // CNNVD: CNNVD-201704-1003

SOURCES

db:	IVD	id:	a2ad11b3-ca53-436e-80f3-47c4077e853c
db:	CNVD	id:	CNVD-2017-04917
db:	VULHUB	id:	VHN-114235
db:	BID	id:	97562
db:	JVNDB	id:	JVNDB-2017-005264
db:	CNNVD	id:	CNNVD-201704-1003
db:	NVD	id:	CVE-2017-6032

LAST UPDATE DATE

2025-04-20T23:04:56.330000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-04917	date:	2017-04-21T00:00:00
db:	VULHUB	id:	VHN-114235	date:	2019-10-09T00:00:00
db:	BID	id:	97562	date:	2017-04-18T08:04:00
db:	JVNDB	id:	JVNDB-2017-005264	date:	2017-07-25T00:00:00
db:	CNNVD	id:	CNNVD-201704-1003	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-6032	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	a2ad11b3-ca53-436e-80f3-47c4077e853c	date:	2017-04-21T00:00:00
db:	CNVD	id:	CNVD-2017-04917	date:	2017-04-10T00:00:00
db:	VULHUB	id:	VHN-114235	date:	2017-06-30T00:00:00
db:	BID	id:	97562	date:	2017-04-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-005264	date:	2017-07-25T00:00:00
db:	CNNVD	id:	CNNVD-201704-1003	date:	2017-04-11T00:00:00
db:	NVD	id:	CVE-2017-6032	date:	2017-06-30T03:29:00.423