Details of VAR-201706-0460

ID

VAR-201706-0460

CVE

CVE-2017-6034

TITLE

Schneider Electric Modicon Modbus Protocol Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-005265

DESCRIPTION

An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Schneider Electric Modicon PLC has a multi-authentication bypass vulnerability that allows an attacker accessing the OT network to intercept traffic to the target PLC, including the session identifier required to send management commands to the device. An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks

Trust: 2.7

sources: NVD: CVE-2017-6034 // JVNDB: JVNDB-2017-005265 // CNVD: CNVD-2017-04918 // BID: 97562 // IVD: 6b623b8a-fa15-49a1-a6c9-6bb9da206da7 // VULHUB: VHN-114237

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 6b623b8a-fa15-49a1-a6c9-6bb9da206da7 // CNVD: CNVD-2017-04918

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modbus	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	modbus	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric modicon plc	scope:	-	version:	-	Trust: 0.6
vendor:	schneider electric	model:	modicon modbus protocol	scope:	eq	version:	0	Trust: 0.3
vendor:	modbus	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 6b623b8a-fa15-49a1-a6c9-6bb9da206da7 // CNVD: CNVD-2017-04918 // BID: 97562 // JVNDB: JVNDB-2017-005265 // CNNVD: CNNVD-201704-1002 // NVD: CVE-2017-6034

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6034
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-6034
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-04918
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201704-1002
value:	CRITICAL
Trust: 0.6
IVD:	6b623b8a-fa15-49a1-a6c9-6bb9da206da7
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-114237
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-6034
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-04918
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	6b623b8a-fa15-49a1-a6c9-6bb9da206da7
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-114237
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6034
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: 6b623b8a-fa15-49a1-a6c9-6bb9da206da7 // CNVD: CNVD-2017-04918 // VULHUB: VHN-114237 // JVNDB: JVNDB-2017-005265 // CNNVD: CNNVD-201704-1002 // NVD: CVE-2017-6034

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.9
problemtype:	CWE-294	Trust: 1.0

sources: VULHUB: VHN-114237 // JVNDB: JVNDB-2017-005265 // NVD: CVE-2017-6034

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1002

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201704-1002

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005265

PATCH

title:	SEVD-2017-065-01	url:	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-065-01	Trust: 0.8
title:	Patch for Schneider Electric Modicon PLC Multi-Factor Authentication Bypass Vulnerability (CNVD-2017-04918)	url:	https://www.cnvd.org.cn/patchInfo/show/92239	Trust: 0.6
title:	Schneider Electric Modicon Modbus Protocol Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70261	Trust: 0.6

sources: CNVD: CNVD-2017-04918 // JVNDB: JVNDB-2017-005265 // CNNVD: CNNVD-201704-1002

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6034	Trust: 3.6
db:	ICS CERT	id:	ICSA-17-101-01	Trust: 2.8
db:	BID	id:	97562	Trust: 2.6
db:	CNNVD	id:	CNNVD-201704-1002	Trust: 0.9
db:	CNVD	id:	CNVD-2017-04918	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-005265	Trust: 0.8
db:	IVD	id:	6B623B8A-FA15-49A1-A6C9-6BB9DA206DA7	Trust: 0.2
db:	VULHUB	id:	VHN-114237	Trust: 0.1

sources: IVD: 6b623b8a-fa15-49a1-a6c9-6bb9da206da7 // CNVD: CNVD-2017-04918 // VULHUB: VHN-114237 // BID: 97562 // JVNDB: JVNDB-2017-005265 // CNNVD: CNNVD-201704-1002 // NVD: CVE-2017-6034

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-101-01	Trust: 2.8
url:	http://www.securityfocus.com/bid/97562	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6034	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6034	Trust: 0.8
url:	http://securityaffairs.co/wordpress/57731/malware/clearenergy-ransomware-scada.html	Trust: 0.6
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.3

sources: CNVD: CNVD-2017-04918 // VULHUB: VHN-114237 // BID: 97562 // JVNDB: JVNDB-2017-005265 // CNNVD: CNNVD-201704-1002 // NVD: CVE-2017-6034

CREDITS

Eran Goldstein of CRITIFENCE

Trust: 0.9

sources: BID: 97562 // CNNVD: CNNVD-201704-1002

SOURCES

db:	IVD	id:	6b623b8a-fa15-49a1-a6c9-6bb9da206da7
db:	CNVD	id:	CNVD-2017-04918
db:	VULHUB	id:	VHN-114237
db:	BID	id:	97562
db:	JVNDB	id:	JVNDB-2017-005265
db:	CNNVD	id:	CNNVD-201704-1002
db:	NVD	id:	CVE-2017-6034

LAST UPDATE DATE

2025-04-20T23:04:56.369000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-04918	date:	2017-04-21T00:00:00
db:	VULHUB	id:	VHN-114237	date:	2019-10-09T00:00:00
db:	BID	id:	97562	date:	2017-04-18T08:04:00
db:	JVNDB	id:	JVNDB-2017-005265	date:	2017-07-25T00:00:00
db:	CNNVD	id:	CNNVD-201704-1002	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-6034	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	6b623b8a-fa15-49a1-a6c9-6bb9da206da7	date:	2017-04-21T00:00:00
db:	CNVD	id:	CNVD-2017-04918	date:	2017-04-10T00:00:00
db:	VULHUB	id:	VHN-114237	date:	2017-06-30T00:00:00
db:	BID	id:	97562	date:	2017-04-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-005265	date:	2017-07-25T00:00:00
db:	CNNVD	id:	CNNVD-201704-1002	date:	2017-04-11T00:00:00
db:	NVD	id:	CVE-2017-6034	date:	2017-06-30T03:29:00.453