Lucene search
K

Schneider Electric Modicon PLCs Insufficiently Protected Credentials (CVE-2017-6028)

🗓️ 01 Mar 2023 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 23 Views

Schneider Electric Modicon PLCs Credentials Vulnerabilit

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500871);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/21");

  script_cve_id("CVE-2017-6028");
  script_xref(name:"ICSA", value:"17-089-02");

  script_name(english:"Schneider Electric Modicon PLCs Insufficiently Protected Credentials (CVE-2017-6028)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"An Insufficiently Protected Credentials issue was discovered in
Schneider Electric Modicon PLCs Modicon M241, all firmware versions,
and Modicon M251, all firmware versions. Log-in credentials are sent
over the network with Base64 encoding leaving them susceptible to
sniffing. Sniffed credentials could then be used to log into the web
application.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/97254");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Schneider Electric has released new firmware versions to address the predictable value range from previous values
vulnerability and the use of insufficiently random values vulnerability, which are available through Schneider
Electric’s software update tool, SoMachine, Version 4.2, and SoMachineBasic, Version 1.5. Schneider Electric has not
released a product to address the insufficiently protected credentials vulnerability; however, Schneider Electric has
provided compensating controls to reduce the risk of exploitation.

SoMachineBasic, Version 1.5, is available at the following location:

http://www.schneider-electric.fr/fr/download/document/SOMBASAP15SOFT/

Schneider Electric has provided the following compensating controls to reduce the risk of exploitation of the
insufficiently protected credentials vulnerability:

- Verify that the hardware and software infrastructure that the PLCs are integrated into (along with all organizational
measures and rules covering access to the infrastructure) consider the results of the hazard and risk analysis, and are
implemented according to best practices and standards such as ISA/IEC 62443.
- Limit traffic on the local network with managed switches
- Where possible, avoid using Wi-Fi networks, but when Wi-Fi is essential, use only secure communications (such as WPA2
encryption)
- Do not grant [network] access to unknown computers
- When remote access is essential, use secure methods such as Virtual Private Networks (VPNs), and ensure the remote
access solution(s), as well as the remote computer(s) are kept up-to-date with the latest security patches.

Schneider Electric has released Security Notifications SEVD-2017-075-01, SEVD-2017-075-02, and SEVD-2017-075-03, which
provide additional information about the identified vulnerabilities, mitigations, and compensating controls:

http://www.schneider-electric.com/en/download/document/SEVD-2017-075-01/

http://www.schneider-electric.com/en/download/document/SEVD-2017-075-02/

http://www.schneider-electric.com/en/download/document/SEVD-2017-075-03/");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-6028");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(522);

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/06/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/01");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m241_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m251_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Schneider");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Schneider');

var asset = tenable_ot::assets::get(vendor:'Schneider');

var vuln_cpes = {
    "cpe:/o:schneider-electric:modicon_m241_firmware" :
        {"versionEndIncluding" : "4.0.3.20", "family" : "ModiconM241"},
    "cpe:/o:schneider-electric:modicon_m251_firmware" :
        {"versionEndIncluding" : "4.0.3.20", "family" : "ModiconM251"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation