| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| Schneider Electric PLC - Session Calculation Authentication Bypass Exploit | 1 Dec 201800:00 | – | zdt | |
| Schneider Electric Modicon M241 and M251 PLCs Insufficiently Random Values | 8 May 201900:00 | – | nessus | |
| Schneider-electric Modicon Use of Insufficiently Random Values | 8 Nov 201900:00 | – | nessus | |
| CVE-2017-6026 | 21 Sep 202106:42 | – | circl | |
| Multiple Schneider Electric Modicon Product Session Fixation Vulnerabilities | 24 May 201700:00 | – | cnvd | |
| CVE-2017-6026 | 30 Jun 201702:35 | – | cve | |
| CVE-2017-6026 | 30 Jun 201702:35 | – | cvelist | |
| Schneider Electric PLC - Session Calculation Authentication Bypass | 30 Nov 201800:00 | – | exploitdb | |
| Schneider Electric PLC - Session Calculation Authentication Bypass | 30 Nov 201800:00 | – | exploitpack | |
| Schneider Electric Modicon PLCs | 30 Mar 201700:00 | – | ics |
| Source | Link |
|---|---|
| ics-cert | www.ics-cert.us-cert.gov/advisories/ICSA-17-089-02 |
| securityfocus | www.securityfocus.com/bid/97254 |
| exploit-db | www.exploit-db.com/exploits/45918/ |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(500862);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/21");
script_cve_id("CVE-2017-6026");
script_xref(name:"ICSA", value:"17-089-02");
script_xref(name:"EDB-ID", value:"45918");
script_name(english:"Schneider Electric Modicon PLCs Use of Insufficiently Random Values (CVE-2017-6026)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A Use of Insufficiently Random Values issue was discovered in
Schneider Electric Modicon PLCs Modicon M241, firmware versions prior
to Version 4.0.5.11, and Modicon M251, firmware versions prior to
Version 4.0.5.11. The session numbers generated by the web application
are lacking randomization and are shared between several users. This
may allow a current session to be compromised.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02");
script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/97254");
script_set_attribute(attribute:"see_also", value:"https://www.exploit-db.com/exploits/45918/");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Schneider Electric has released new firmware versions to address the predictable value range from previous values
vulnerability and the use of insufficiently random values vulnerability, which are available through Schneider
Electricâs software update tool, SoMachine, Version 4.2, and SoMachineBasic, Version 1.5. Schneider Electric has not
released a product to address the insufficiently protected credentials vulnerability; however, Schneider Electric has
provided compensating controls to reduce the risk of exploitation.
SoMachineBasic, Version 1.5, is available at the following location:
http://www.schneider-electric.fr/fr/download/document/SOMBASAP15SOFT/
Schneider Electric has provided the following compensating controls to reduce the risk of exploitation of the
insufficiently protected credentials vulnerability:
- Verify that the hardware and software infrastructure that the PLCs are integrated into (along with all organizational
measures and rules covering access to the infrastructure) consider the results of the hazard and risk analysis, and are
implemented according to best practices and standards such as ISA/IEC 62443.
- Limit traffic on the local network with managed switches
- Where possible, avoid using Wi-Fi networks, but when Wi-Fi is essential, use only secure communications (such as WPA2
encryption)
- Do not grant [network] access to unknown computers
- When remote access is essential, use secure methods such as Virtual Private Networks (VPNs), and ensure the remote
access solution(s), as well as the remote computer(s) are kept up-to-date with the latest security patches.
Schneider Electric has released Security Notifications SEVD-2017-075-01, SEVD-2017-075-02, and SEVD-2017-075-03, which
provide additional information about the identified vulnerabilities, mitigations, and compensating controls:
http://www.schneider-electric.com/en/download/document/SEVD-2017-075-01/
http://www.schneider-electric.com/en/download/document/SEVD-2017-075-02/
http://www.schneider-electric.com/en/download/document/SEVD-2017-075-03/");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-6026");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(330);
script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/30");
script_set_attribute(attribute:"patch_publication_date", value:"2017/06/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/01");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m241_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m251_firmware");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Schneider");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Schneider');
var asset = tenable_ot::assets::get(vendor:'Schneider');
var vuln_cpes = {
"cpe:/o:schneider-electric:modicon_m251_firmware" :
{"versionEndIncluding" : "4.0.3.20", "family" : "ModiconM251"},
"cpe:/o:schneider-electric:modicon_m241_firmware" :
{"versionEndIncluding" : "4.0.3.20", "family" : "ModiconM241"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation