Lucene search
K

Schneider Electric Modicon PLCs Use of Insufficiently Random Values (CVE-2017-6026)

🗓️ 01 Mar 2023 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 33 Views

Use of Insufficiently Random Values in Schneider Electric Modicon PLC

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500862);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/21");

  script_cve_id("CVE-2017-6026");
  script_xref(name:"ICSA", value:"17-089-02");
  script_xref(name:"EDB-ID", value:"45918");

  script_name(english:"Schneider Electric Modicon PLCs Use of Insufficiently Random Values (CVE-2017-6026)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A Use of Insufficiently Random Values issue was discovered in
Schneider Electric Modicon PLCs Modicon M241, firmware versions prior
to Version 4.0.5.11, and Modicon M251, firmware versions prior to
Version 4.0.5.11. The session numbers generated by the web application
are lacking randomization and are shared between several users. This
may allow a current session to be compromised.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/97254");
  script_set_attribute(attribute:"see_also", value:"https://www.exploit-db.com/exploits/45918/");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Schneider Electric has released new firmware versions to address the predictable value range from previous values
vulnerability and the use of insufficiently random values vulnerability, which are available through Schneider
Electric’s software update tool, SoMachine, Version 4.2, and SoMachineBasic, Version 1.5. Schneider Electric has not
released a product to address the insufficiently protected credentials vulnerability; however, Schneider Electric has
provided compensating controls to reduce the risk of exploitation.

SoMachineBasic, Version 1.5, is available at the following location:

http://www.schneider-electric.fr/fr/download/document/SOMBASAP15SOFT/

Schneider Electric has provided the following compensating controls to reduce the risk of exploitation of the
insufficiently protected credentials vulnerability:

- Verify that the hardware and software infrastructure that the PLCs are integrated into (along with all organizational
measures and rules covering access to the infrastructure) consider the results of the hazard and risk analysis, and are
implemented according to best practices and standards such as ISA/IEC 62443.
- Limit traffic on the local network with managed switches
- Where possible, avoid using Wi-Fi networks, but when Wi-Fi is essential, use only secure communications (such as WPA2
encryption)
- Do not grant [network] access to unknown computers
- When remote access is essential, use secure methods such as Virtual Private Networks (VPNs), and ensure the remote
access solution(s), as well as the remote computer(s) are kept up-to-date with the latest security patches.

Schneider Electric has released Security Notifications SEVD-2017-075-01, SEVD-2017-075-02, and SEVD-2017-075-03, which
provide additional information about the identified vulnerabilities, mitigations, and compensating controls:

http://www.schneider-electric.com/en/download/document/SEVD-2017-075-01/

http://www.schneider-electric.com/en/download/document/SEVD-2017-075-02/

http://www.schneider-electric.com/en/download/document/SEVD-2017-075-03/");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-6026");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(330);

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/06/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/01");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m241_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m251_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Schneider");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Schneider');

var asset = tenable_ot::assets::get(vendor:'Schneider');

var vuln_cpes = {
    "cpe:/o:schneider-electric:modicon_m251_firmware" :
        {"versionEndIncluding" : "4.0.3.20", "family" : "ModiconM251"},
    "cpe:/o:schneider-electric:modicon_m241_firmware" :
        {"versionEndIncluding" : "4.0.3.20", "family" : "ModiconM241"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Jun 2026 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS 26.4
CVSS 3.19.1
EPSS0.3182
33