| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| Schneider Electric Modicon M241 and M251 PLCs Insufficiently Protected Credentials | 8 May 201900:00 | – | nessus | |
| Schneider-electric Modicon Insufficiently Protected Credentials | 8 Nov 201900:00 | – | nessus | |
| The vulnerability of the microprogrammed software of Modicon M241 and Modicon M251 control units lies in the insufficient protection of registration data, allowing attackers to intercept login credentials and access the web application. | 1 Aug 202200:00 | – | bdu_fstec | |
| Multiple Schneider Electric Modicon Products Vulnerable | 24 May 201700:00 | – | cnvd | |
| CVE-2017-6028 | 30 Jun 201702:35 | – | cve | |
| CVE-2017-6028 | 30 Jun 201702:35 | – | cvelist | |
| EUVD-2017-15096 | 7 Oct 202500:30 | – | euvd | |
| CVE-2017-6028 | 30 Jun 201703:29 | – | nvd | |
| CVE-2017-6028 | 30 Jun 201703:29 | – | osv | |
| Design/Logic Flaw | 30 Jun 201703:29 | – | prion |
| Source | Link |
|---|---|
| ics-cert | www.ics-cert.us-cert.gov/advisories/ICSA-17-089-02 |
| securityfocus | www.securityfocus.com/bid/97254 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(500871);
script_version("1.19");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/21");
script_cve_id("CVE-2017-6028");
script_xref(name:"ICSA", value:"17-089-02");
script_name(english:"Schneider Electric Modicon PLCs Insufficiently Protected Credentials (CVE-2017-6028)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"An Insufficiently Protected Credentials issue was discovered in
Schneider Electric Modicon PLCs Modicon M241, all firmware versions,
and Modicon M251, all firmware versions. Log-in credentials are sent
over the network with Base64 encoding leaving them susceptible to
sniffing. Sniffed credentials could then be used to log into the web
application.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02");
script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/97254");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Schneider Electric has released new firmware versions to address the predictable value range from previous values
vulnerability and the use of insufficiently random values vulnerability, which are available through Schneider
Electricâs software update tool, SoMachine, Version 4.2, and SoMachineBasic, Version 1.5. Schneider Electric has not
released a product to address the insufficiently protected credentials vulnerability; however, Schneider Electric has
provided compensating controls to reduce the risk of exploitation.
SoMachineBasic, Version 1.5, is available at the following location:
http://www.schneider-electric.fr/fr/download/document/SOMBASAP15SOFT/
Schneider Electric has provided the following compensating controls to reduce the risk of exploitation of the
insufficiently protected credentials vulnerability:
- Verify that the hardware and software infrastructure that the PLCs are integrated into (along with all organizational
measures and rules covering access to the infrastructure) consider the results of the hazard and risk analysis, and are
implemented according to best practices and standards such as ISA/IEC 62443.
- Limit traffic on the local network with managed switches
- Where possible, avoid using Wi-Fi networks, but when Wi-Fi is essential, use only secure communications (such as WPA2
encryption)
- Do not grant [network] access to unknown computers
- When remote access is essential, use secure methods such as Virtual Private Networks (VPNs), and ensure the remote
access solution(s), as well as the remote computer(s) are kept up-to-date with the latest security patches.
Schneider Electric has released Security Notifications SEVD-2017-075-01, SEVD-2017-075-02, and SEVD-2017-075-03, which
provide additional information about the identified vulnerabilities, mitigations, and compensating controls:
http://www.schneider-electric.com/en/download/document/SEVD-2017-075-01/
http://www.schneider-electric.com/en/download/document/SEVD-2017-075-02/
http://www.schneider-electric.com/en/download/document/SEVD-2017-075-03/");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-6028");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(522);
script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/30");
script_set_attribute(attribute:"patch_publication_date", value:"2017/06/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/01");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m241_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m251_firmware");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Schneider");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Schneider');
var asset = tenable_ot::assets::get(vendor:'Schneider');
var vuln_cpes = {
"cpe:/o:schneider-electric:modicon_m241_firmware" :
{"versionEndIncluding" : "4.0.3.20", "family" : "ModiconM241"},
"cpe:/o:schneider-electric:modicon_m251_firmware" :
{"versionEndIncluding" : "4.0.3.20", "family" : "ModiconM251"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation