CVE-2017-6034

CRITICAL

Schneider-electric Modbus Firmware - Authentication Bypass

Title source: rule

Description

An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97562

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01

Scores

CVSS v3 9.8

EPSS 0.0012

EPSS Percentile 30.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-287 CWE-294

Status draft

Affected Products (1)

schneider-electric/modbus_firmware

Timeline

Published Jun 30, 2017

Tracked Since Feb 18, 2026