CVE-2017-6034

CRITICAL

Schneider-electric Modbus Firmware - Authentication Bypass

Title source: rule

Description

An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download.

References (2)

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97562

Scores

CVSS v3 9.8

EPSS 0.0013

EPSS Percentile 32.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287 CWE-294

Status published

Products (2)

n/a/Schneider Electric Modicon Modbus Protocol Schneider Electric Modicon Modbus Protocol

schneider-electric/modbus_firmware

Published Jun 30, 2017

Tracked Since Feb 18, 2026