6 matches found
Schneider Electric Modicon PLCs Use of Insufficiently Random Values (CVE-2017-6026)
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization an...
Schneider Electric PLC - Session Calculation Authentication Bypass Exploit
Exploit for hardware platform in category web applications ! /usr/bin/env python ''' Copyright 2018 Photubiasc Exploit Title: Schneider Session Calculation - CVE-2017-6026 Date: 2018-09-30 Exploit Author: Deneut Tijl Vendor Homepage: www.schneider-electric.com Software Link:...
Schneider Electric PLC Authentication Bypass
! /usr/bin/env python ''' Copyright 2018 Photubiasc Exploit Title: Schneider Session Calculation - CVE-2017-6026 Date: 2018-09-30 Exploit Author: Deneut Tijl Vendor Homepage: www.schneider-electric.com Software Link:...
Schneider Electric PLC - Session Calculation Authentication Bypass
!/usr/bin/env python ''' Copyright 2018 Photubiasc Exploit Title: Schneider Session Calculation - CVE-2017-6026 Date: 2018-09-30 Exploit Author: Deneut Tijl Vendor Homepage: www.schneider-electric.com Software Link:...
Schneider Electric PLC - Session Calculation Authentication Bypass
Schneider Electric PLC - Session Calculation Authentication Bypass ! /usr/bin/env python ''' Copyright 2018 Photubiasc Exploit Title: Schneider Session Calculation - CVE-2017-6026 Date: 2018-09-30 Exploit Author: Deneut Tijl Vendor Homepage: www.schneider-electric.com Software Link:...
CVE-2017-6026
Affected products: Schneider Electric Modicon PLCs (M241 and M251) with firmware versions prior to 4.0.5.11. Root cause / vulnerability: Use of insufficiently random values in session numbers generated by the web application, leading to potential session compromise due to shared session identifie...