10 vulnerabilities found for Modicon M251 by Schneider Electric
VAR-201706-0458
Vulnerability from variot - Updated: 2025-04-20 23:16
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs: Modicon M221, firmware versions prior to Version 1.5.0.0; Modicon M241, firmware versions prior to Version 4.0.5.11; and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers, which may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections. The firmware of the Schneider Electric Modicon M221, M241 and M251 PLCs contains a vulnerability related to lack of entropy. Information may be obtained and service operation may be interrupted (DoS). Schneider Electric Modicon M251 and others are programmable controller products from Schneider Electric. An attacker could exploit the vulnerability to obtain sensitive information or perform unauthorized actions. This may lead to other attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0458",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m221",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "1.1.1.5"
},
{
"model": "modicon m251",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "4.0.3.20"
},
{
"model": "modicon m241",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "4.0.3.20"
},
{
"model": "modicon m221",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "1.5.0.0"
},
{
"model": "modicon m241",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "4.0.5.11"
},
{
"model": "modicon m251",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "4.0.5.11"
},
{
"model": "electric modicon m251",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m241",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m221",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "modicon m241",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "4.0.3.20"
},
{
"model": "modicon m251",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "4.0.3.20"
},
{
"model": "modicon m221",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "1.1.1.5"
},
{
"model": "modicon m251",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon m241",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon m221",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon m251",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "4.0.5.11"
},
{
"model": "modicon m241",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "4.0.5.11"
},
{
"model": "modicon m221",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.5.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m241",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m251",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m221",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34"
},
{
"db": "CNVD",
"id": "CNVD-2017-09891"
},
{
"db": "BID",
"id": "97254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005289"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-582"
},
{
"db": "NVD",
"id": "CVE-2017-6030"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m221_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m241_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m251_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005289"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc",
"sources": [
{
"db": "BID",
"id": "97254"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6030",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-6030",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-6030",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-09891",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-114233",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6030",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6030",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6030",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-6030",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-09891",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-582",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-114233",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-6030",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34"
},
{
"db": "CNVD",
"id": "CNVD-2017-09891"
},
{
"db": "VULHUB",
"id": "VHN-114233"
},
{
"db": "VULMON",
"id": "CVE-2017-6030"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005289"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-582"
},
{
"db": "NVD",
"id": "CVE-2017-6030"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs: Modicon M221, firmware versions prior to Version 1.5.0.0; Modicon M241, firmware versions prior to Version 4.0.5.11; and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers, which may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections. The firmware of the Schneider Electric Modicon M221, M241 and M251 PLCs contains a vulnerability related to lack of entropy. Information may be obtained and service operation may be interrupted (DoS). Schneider Electric Modicon M251 and others are programmable controller products from Schneider Electric. An attacker could exploit the vulnerability to obtain sensitive information or perform unauthorized actions. This may lead to other attacks.",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6030"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005289"
},
{
"db": "CNVD",
"id": "CNVD-2017-09891"
},
{
"db": "BID",
"id": "97254"
},
{
"db": "IVD",
"id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34"
},
{
"db": "VULHUB",
"id": "VHN-114233"
},
{
"db": "VULMON",
"id": "CVE-2017-6030"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6030",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-089-02",
"trust": 2.9
},
{
"db": "BID",
"id": "97254",
"trust": 2.7
},
{
"db": "CNNVD",
"id": "CNNVD-201702-582",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-09891",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005289",
"trust": 0.8
},
{
"db": "IVD",
"id": "4A548A03-6217-4B58-9F7D-67DBC8ED4A34",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-114233",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-6030",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34"
},
{
"db": "CNVD",
"id": "CNVD-2017-09891"
},
{
"db": "VULHUB",
"id": "VHN-114233"
},
{
"db": "VULMON",
"id": "CVE-2017-6030"
},
{
"db": "BID",
"id": "97254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005289"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-582"
},
{
"db": "NVD",
"id": "CVE-2017-6030"
}
]
},
"id": "VAR-201706-0458",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34"
},
{
"db": "CNVD",
"id": "CNVD-2017-09891"
},
{
"db": "VULHUB",
"id": "VHN-114233"
}
],
"trust": 1.8967532500000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34"
},
{
"db": "CNVD",
"id": "CNVD-2017-09891"
}
]
},
"last_update_date": "2025-04-20T23:16:07.395000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2017-075-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-075-01"
},
{
"title": "Multiple Schneider Electric Modicon Products TCP Initial Serial Number Prediction Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/95622"
},
{
"title": "CVE-2017-6030",
"trust": 0.1,
"url": "https://github.com/AlAIAL90/CVE-2017-6030 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-09891"
},
{
"db": "VULMON",
"id": "CVE-2017-6030"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005289"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-331",
"trust": 1.9
},
{
"problemtype": "CWE-343",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114233"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005289"
},
{
"db": "NVD",
"id": "CVE-2017-6030"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-089-02"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/97254"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6030"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6030"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/products/ww/en/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/331.html"
},
{
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2017-6030"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53310"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-09891"
},
{
"db": "VULHUB",
"id": "VHN-114233"
},
{
"db": "VULMON",
"id": "CVE-2017-6030"
},
{
"db": "BID",
"id": "97254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005289"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-582"
},
{
"db": "NVD",
"id": "CVE-2017-6030"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34"
},
{
"db": "CNVD",
"id": "CNVD-2017-09891"
},
{
"db": "VULHUB",
"id": "VHN-114233"
},
{
"db": "VULMON",
"id": "CVE-2017-6030"
},
{
"db": "BID",
"id": "97254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005289"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-582"
},
{
"db": "NVD",
"id": "CVE-2017-6030"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-16T00:00:00",
"db": "IVD",
"id": "4a548a03-6217-4b58-9f7d-67dbc8ed4a34"
},
{
"date": "2017-06-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-09891"
},
{
"date": "2017-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-114233"
},
{
"date": "2017-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6030"
},
{
"date": "2017-03-30T00:00:00",
"db": "BID",
"id": "97254"
},
{
"date": "2017-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005289"
},
{
"date": "2017-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-582"
},
{
"date": "2017-06-30T03:29:00.390000",
"db": "NVD",
"id": "CVE-2017-6030"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-09891"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-114233"
},
{
"date": "2021-08-26T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6030"
},
{
"date": "2017-04-04T00:02:00",
"db": "BID",
"id": "97254"
},
{
"date": "2017-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005289"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-582"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6030"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-582"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability related to lack of entropy in the firmware of multiple Schneider Electric Modicon PLCs",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005289"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-582"
}
],
"trust": 0.6
}
}
VAR-201706-0456
Vulnerability from variot - Updated: 2025-04-20 23:16
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs: Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application lack randomization and are shared between several users. This may allow a current session to be compromised. Schneider Electric Modicon M251 and others are programmable controller products from Schneider Electric. Security vulnerabilities exist in several Schneider Electric Modicon products. Successfully exploiting these issues may allow attackers to obtain sensitive information or perform unauthorized actions. This may lead to other attacks.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "modicon m251",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "4.0.3.20"
},
{
"_id": null,
"model": "modicon m241",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "4.0.3.20"
},
{
"_id": null,
"model": "modicon m241",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "4.0.5.11"
},
{
"_id": null,
"model": "modicon m251",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "4.0.5.11"
},
{
"_id": null,
"model": "electric modicon m251",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"_id": null,
"model": "electric modicon m241",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"_id": null,
"model": "electric modicon m221",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"_id": null,
"model": "modicon m241",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "4.0.3.20"
},
{
"_id": null,
"model": "modicon m251",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "4.0.3.20"
},
{
"_id": null,
"model": "modicon m251",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"_id": null,
"model": "modicon m241",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"_id": null,
"model": "modicon m221",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"_id": null,
"model": "modicon m251",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "4.0.5.11"
},
{
"_id": null,
"model": "modicon m241",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "4.0.5.11"
},
{
"_id": null,
"model": "modicon m221",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.5.0.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m251",
"version": "*"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m241",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b2e725eb-bf44-40df-91c3-adc24e4992ec"
},
{
"db": "CNVD",
"id": "CNVD-2017-09890"
},
{
"db": "BID",
"id": "97254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005287"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-586"
},
{
"db": "NVD",
"id": "CVE-2017-6026"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m241_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m251_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005287"
}
]
},
"credits": {
"_id": null,
"data": "David Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc",
"sources": [
{
"db": "BID",
"id": "97254"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6026",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-6026",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-09890",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "b2e725eb-bf44-40df-91c3-adc24e4992ec",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-114229",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6026",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6026",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6026",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-6026",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-09890",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-586",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "b2e725eb-bf44-40df-91c3-adc24e4992ec",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-114229",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-6026",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b2e725eb-bf44-40df-91c3-adc24e4992ec"
},
{
"db": "CNVD",
"id": "CNVD-2017-09890"
},
{
"db": "VULHUB",
"id": "VHN-114229"
},
{
"db": "VULMON",
"id": "CVE-2017-6026"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005287"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-586"
},
{
"db": "NVD",
"id": "CVE-2017-6026"
}
]
},
"description": {
"_id": null,
"data": "A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised. Schneider-Electric Modicon M251 and others are programmable controller products from Schneider Electric. Security vulnerabilities exist in several Schneider Electric Modicon products. \nSuccessfully exploiting these issues may allow attackers to obtain sensitive information or perform unauthorized actions. This may lead to other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6026"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005287"
},
{
"db": "CNVD",
"id": "CNVD-2017-09890"
},
{
"db": "BID",
"id": "97254"
},
{
"db": "IVD",
"id": "b2e725eb-bf44-40df-91c3-adc24e4992ec"
},
{
"db": "VULHUB",
"id": "VHN-114229"
},
{
"db": "VULMON",
"id": "CVE-2017-6026"
}
],
"trust": 2.79
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-114229",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114229"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-6026",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-089-02",
"trust": 2.9
},
{
"db": "BID",
"id": "97254",
"trust": 2.7
},
{
"db": "EXPLOIT-DB",
"id": "45918",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-586",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-09890",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005287",
"trust": 0.8
},
{
"db": "IVD",
"id": "B2E725EB-BF44-40DF-91C3-ADC24E4992EC",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "150551",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-114229",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-6026",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b2e725eb-bf44-40df-91c3-adc24e4992ec"
},
{
"db": "CNVD",
"id": "CNVD-2017-09890"
},
{
"db": "VULHUB",
"id": "VHN-114229"
},
{
"db": "VULMON",
"id": "CVE-2017-6026"
},
{
"db": "BID",
"id": "97254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005287"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-586"
},
{
"db": "NVD",
"id": "CVE-2017-6026"
}
]
},
"id": "VAR-201706-0456",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "b2e725eb-bf44-40df-91c3-adc24e4992ec"
},
{
"db": "CNVD",
"id": "CNVD-2017-09890"
},
{
"db": "VULHUB",
"id": "VHN-114229"
}
],
"trust": 1.8967532500000002
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b2e725eb-bf44-40df-91c3-adc24e4992ec"
},
{
"db": "CNVD",
"id": "CNVD-2017-09890"
}
]
},
"last_update_date": "2025-04-20T23:16:07.349000Z",
"patch": {
"_id": null,
"data": [
{
"title": "SEVD-2017-075-02",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-075-02"
},
{
"title": "Patch for multiple Schneider Electric Modicon product session fixation vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/95625"
},
{
"title": "Schneider Electric Modicon PLCs Modicon M241 and Modicon M251 Fixing measures for security feature vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160265"
},
{
"title": "CVE-2017-6026",
"trust": 0.1,
"url": "https://github.com/AlAIAL90/CVE-2017-6026 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-09890"
},
{
"db": "VULMON",
"id": "CVE-2017-6026"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005287"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-586"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-330",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114229"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005287"
},
{
"db": "NVD",
"id": "CVE-2017-6026"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-089-02"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/97254"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/45918/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6026"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6026"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/products/ww/en/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53311"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-09890"
},
{
"db": "VULHUB",
"id": "VHN-114229"
},
{
"db": "VULMON",
"id": "CVE-2017-6026"
},
{
"db": "BID",
"id": "97254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005287"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-586"
},
{
"db": "NVD",
"id": "CVE-2017-6026"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "b2e725eb-bf44-40df-91c3-adc24e4992ec",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2017-09890",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-114229",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2017-6026",
"ident": null
},
{
"db": "BID",
"id": "97254",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005287",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201702-586",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-6026",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-06-16T00:00:00",
"db": "IVD",
"id": "b2e725eb-bf44-40df-91c3-adc24e4992ec",
"ident": null
},
{
"date": "2017-06-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-09890",
"ident": null
},
{
"date": "2017-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-114229",
"ident": null
},
{
"date": "2017-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6026",
"ident": null
},
{
"date": "2017-03-30T00:00:00",
"db": "BID",
"id": "97254",
"ident": null
},
{
"date": "2017-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005287",
"ident": null
},
{
"date": "2017-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-586",
"ident": null
},
{
"date": "2017-06-30T03:29:00.327000",
"db": "NVD",
"id": "CVE-2017-6026",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2017-06-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-09890",
"ident": null
},
{
"date": "2018-12-01T00:00:00",
"db": "VULHUB",
"id": "VHN-114229",
"ident": null
},
{
"date": "2021-08-26T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6026",
"ident": null
},
{
"date": "2017-04-04T00:02:00",
"db": "BID",
"id": "97254",
"ident": null
},
{
"date": "2017-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005287",
"ident": null
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-586",
"ident": null
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6026",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-586"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Schneider Electric Modicon PLC Modicon M241 and M251 Vulnerability related to insufficient random values in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005287"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-586"
}
],
"trust": 0.6
}
}
VAR-201706-0457
Vulnerability from variot - Updated: 2025-04-20 23:16
An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with only Base64 encoding, leaving them susceptible to sniffing; Base64 is a reversible encoding, not encryption, so anyone who can observe the traffic can recover the credentials. Sniffed credentials could then be used to log into the web application. The firmware of the Schneider Electric Modicon M241 and M251 PLCs contains a vulnerability related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Schneider-Electric Modicon M251 and others are programmable controller products from Schneider Electric. Security vulnerabilities exist in several Schneider Electric Modicon products. Successfully exploiting these issues may allow attackers to obtain sensitive information or perform unauthorized actions. This may lead to other attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0457",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m251",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "4.0.3.20"
},
{
"model": "modicon m241",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "4.0.3.20"
},
{
"model": "modicon m241",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "4.0.3.20"
},
{
"model": "modicon m251",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "4.0.3.20"
},
{
"model": "electric modicon m251",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m241",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m221",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "modicon m241",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "4.0.3.20"
},
{
"model": "modicon m251",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "4.0.3.20"
},
{
"model": "modicon m251",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon m241",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon m221",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon m251",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "4.0.5.11"
},
{
"model": "modicon m241",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "4.0.5.11"
},
{
"model": "modicon m221",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.5.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m241",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m251",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b9eec958-8ae9-4302-889d-7ed13e29deaa"
},
{
"db": "CNVD",
"id": "CNVD-2017-09898"
},
{
"db": "BID",
"id": "97254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005288"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-584"
},
{
"db": "NVD",
"id": "CVE-2017-6028"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m241_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m251_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005288"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc",
"sources": [
{
"db": "BID",
"id": "97254"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6028",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-6028",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-09898",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "b9eec958-8ae9-4302-889d-7ed13e29deaa",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-114231",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6028",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6028",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6028",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-6028",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-09898",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-584",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "b9eec958-8ae9-4302-889d-7ed13e29deaa",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-114231",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-6028",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b9eec958-8ae9-4302-889d-7ed13e29deaa"
},
{
"db": "CNVD",
"id": "CNVD-2017-09898"
},
{
"db": "VULHUB",
"id": "VHN-114231"
},
{
"db": "VULMON",
"id": "CVE-2017-6028"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005288"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-584"
},
{
"db": "NVD",
"id": "CVE-2017-6028"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application. Schneider Electric Modicon PLC Modicon M241 and M251 The firmware contains a vulnerability related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider-Electric Modicon M251 and others are programmable controller products from Schneider Electric. Security vulnerabilities exist in several Schneider Electric Modicon products. \nSuccessfully exploiting these issues may allow attackers to obtain sensitive information or perform unauthorized actions. This may lead to other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6028"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005288"
},
{
"db": "CNVD",
"id": "CNVD-2017-09898"
},
{
"db": "BID",
"id": "97254"
},
{
"db": "IVD",
"id": "b9eec958-8ae9-4302-889d-7ed13e29deaa"
},
{
"db": "VULHUB",
"id": "VHN-114231"
},
{
"db": "VULMON",
"id": "CVE-2017-6028"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6028",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-089-02",
"trust": 2.9
},
{
"db": "BID",
"id": "97254",
"trust": 2.7
},
{
"db": "CNNVD",
"id": "CNNVD-201702-584",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-09898",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005288",
"trust": 0.8
},
{
"db": "IVD",
"id": "B9EEC958-8AE9-4302-889D-7ED13E29DEAA",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-114231",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-6028",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b9eec958-8ae9-4302-889d-7ed13e29deaa"
},
{
"db": "CNVD",
"id": "CNVD-2017-09898"
},
{
"db": "VULHUB",
"id": "VHN-114231"
},
{
"db": "VULMON",
"id": "CVE-2017-6028"
},
{
"db": "BID",
"id": "97254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005288"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-584"
},
{
"db": "NVD",
"id": "CVE-2017-6028"
}
]
},
"id": "VAR-201706-0457",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b9eec958-8ae9-4302-889d-7ed13e29deaa"
},
{
"db": "CNVD",
"id": "CNVD-2017-09898"
},
{
"db": "VULHUB",
"id": "VHN-114231"
}
],
"trust": 1.8967532500000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b9eec958-8ae9-4302-889d-7ed13e29deaa"
},
{
"db": "CNVD",
"id": "CNVD-2017-09898"
}
]
},
"last_update_date": "2025-04-20T23:16:07.305000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2017-075-03",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-075-03"
},
{
"title": "Patches for multiple Schneider Electric Modicon products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/95626"
},
{
"title": "Fortinet Security Advisories: Fortinet Discovers Schneider Electric Modicon Insecure Credential Transmission Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=FG-VD-20-102"
},
{
"title": "CVE-2017-6028",
"trust": 0.1,
"url": "https://github.com/AlAIAL90/CVE-2017-6028 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-09898"
},
{
"db": "VULMON",
"id": "CVE-2017-6028"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005288"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114231"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005288"
},
{
"db": "NVD",
"id": "CVE-2017-6028"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-089-02"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/97254"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6028"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6028"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/products/ww/en/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2017-6028"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53312"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-09898"
},
{
"db": "VULHUB",
"id": "VHN-114231"
},
{
"db": "VULMON",
"id": "CVE-2017-6028"
},
{
"db": "BID",
"id": "97254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005288"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-584"
},
{
"db": "NVD",
"id": "CVE-2017-6028"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b9eec958-8ae9-4302-889d-7ed13e29deaa"
},
{
"db": "CNVD",
"id": "CNVD-2017-09898"
},
{
"db": "VULHUB",
"id": "VHN-114231"
},
{
"db": "VULMON",
"id": "CVE-2017-6028"
},
{
"db": "BID",
"id": "97254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005288"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-584"
},
{
"db": "NVD",
"id": "CVE-2017-6028"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-16T00:00:00",
"db": "IVD",
"id": "b9eec958-8ae9-4302-889d-7ed13e29deaa"
},
{
"date": "2017-06-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-09898"
},
{
"date": "2017-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-114231"
},
{
"date": "2017-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6028"
},
{
"date": "2017-03-30T00:00:00",
"db": "BID",
"id": "97254"
},
{
"date": "2017-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005288"
},
{
"date": "2017-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-584"
},
{
"date": "2017-06-30T03:29:00.360000",
"db": "NVD",
"id": "CVE-2017-6028"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-09898"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-114231"
},
{
"date": "2021-08-26T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6028"
},
{
"date": "2017-04-04T00:02:00",
"db": "BID",
"id": "97254"
},
{
"date": "2017-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005288"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-584"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6028"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-584"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon PLC Modicon M241 and M251 Firmware vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005288"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-584"
}
],
"trust": 0.6
}
}
VAR-202407-0346
Vulnerability from variot - Updated: 2024-12-24 22:57
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could lead to a cross-site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when the victim visits a page containing the injected payload. A cross-site scripting vulnerability exists in Schneider Electric products including Modicon M241 firmware, Modicon M251 firmware, and Modicon M258 firmware. Information may be obtained and information may be tampered with. Schneider Electric (China) Co., Ltd. is a global electrical company and an expert in global energy efficiency management and automation.
The Schneider Electric (China) Co., Ltd. TM241CE24T_U has an XSS vulnerability, which can be exploited by attackers to obtain sensitive information such as user cookies.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202407-0346",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m251",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m258",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m241",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m262",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon lmc058",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m262",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m258",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m241",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m251",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon lmc058",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tm241ce24t u",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "1.1.0.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-32452"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-004305"
},
{
"db": "NVD",
"id": "CVE-2024-6528"
}
]
},
"cve": "CVE-2024-6528",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2024-32452",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2024-6528",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@se.com",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2024-6528",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2024-6528",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-6528",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@se.com",
"id": "CVE-2024-6528",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-6528",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2024-32452",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-32452"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-004305"
},
{
"db": "NVD",
"id": "CVE-2024-6528"
},
{
"db": "NVD",
"id": "CVE-2024-6528"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site\nScripting\u0027) vulnerability exists that could cause a vulnerability leading to a cross-site scripting\ncondition where attackers can have a victim\u2019s browser run arbitrary JavaScript when they visit a\npage containing the injected payload. Modicon M241 firmware, Modicon M251 firmware, Modicon M258 firmware etc. Schneider Electric A cross-site scripting vulnerability exists in the product.Information may be obtained and information may be tampered with. Schneider Electric (China) Co., Ltd. is a global electrical company and an expert in global energy efficiency management and automation. \n\nSchneider Electric (China) Co., Ltd. TM241CE24T_U has an XSS vulnerability, which can be exploited by attackers to obtain sensitive information such as user cookies",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-6528"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-004305"
},
{
"db": "CNVD",
"id": "CNVD-2024-32452"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-6528",
"trust": 3.2
},
{
"db": "SCHNEIDER",
"id": "SEVD-2024-191-04",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-354-07",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92082022",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-004305",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-32452",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-32452"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-004305"
},
{
"db": "NVD",
"id": "CVE-2024-6528"
}
]
},
"id": "VAR-202407-0346",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-32452"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-32452"
}
]
},
"last_update_date": "2024-12-24T22:57:36.636000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric (China) Co., Ltd. TM241CE24T_U has an XSS vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/583351"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-32452"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-004305"
},
{
"db": "NVD",
"id": "CVE-2024-6528"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2024-191-04\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2024-191-04.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92082022/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-6528"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-07"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-004305"
},
{
"db": "NVD",
"id": "CVE-2024-6528"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-32452"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-004305"
},
{
"db": "NVD",
"id": "CVE-2024-6528"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-32452"
},
{
"date": "2024-07-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-004305"
},
{
"date": "2024-07-11T09:15:04.867000",
"db": "NVD",
"id": "CVE-2024-6528"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-32452"
},
{
"date": "2024-12-23T03:27:00",
"db": "JVNDB",
"id": "JVNDB-2024-004305"
},
{
"date": "2024-07-12T16:37:20.283000",
"db": "NVD",
"id": "CVE-2024-6528"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Cross-site scripting vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-004305"
}
],
"trust": 0.8
}
}
VAR-201905-0036
Vulnerability from variot - Updated: 2024-11-23 23:11
A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco, PacDrive Pro, PacDrive Pro2. Multiple Schneider Electric products are vulnerable to missing authentication for critical functions. Information may be tampered with and service operation may be disrupted (DoS). Schneider Electric Modicon M100 and others are products of Schneider Electric, France. The Schneider Electric Modicon M100 is a programmable logic controller. The Schneider Electric Modicon LMC078 is a motion controller. The Schneider Electric ATV IMC drive controller is a drive controller. An access control error vulnerability exists in several Schneider Electric products. The following products and versions are affected: Schneider Electric Modicon M100 (all versions); Modicon M200 (all versions); Modicon M221 (all versions); ATV IMC drive controller (all versions); Modicon M241 (all versions); Modicon M258 (all versions); Modicon LMC058 (all versions); Modicon LMC078 (all versions); PacDrive Eco (all versions); PacDrive Pro (all versions); PacDrive Pro2 (all versions)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0036",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "pacdrive eco",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m258",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon lmc058",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m251",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m221",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "pacdrive pro2",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m241",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon lmc078",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m200",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "pacdrive pro",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "atv imc drive controller",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "atv imc drive controller",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon lmc058",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon lmc078",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m200",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m221",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m241",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m251",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m258",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "pacdrive eco",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m258",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon lmc058",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon lmc078",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric pacdrive eco",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric pacdrive pro",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric pacdrive pro2",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m200",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m221",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric atv imc drive controller",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m241",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m251",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m100",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pacdrive eco",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pacdrive pro",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pacdrive pro2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m200",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m221",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "atv imc drive controller",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m241",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m251",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m258",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon lmc058",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon lmc078",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "275e0d38-40d0-4c09-b739-ba01427ab4f3"
},
{
"db": "CNVD",
"id": "CNVD-2019-15887"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004816"
},
{
"db": "NVD",
"id": "CVE-2019-6820"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:atv_imc_drive_controller_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_lmc058_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_lmc078_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m221_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m241_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m251_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m258_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:pacdrive_eco_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004816"
}
]
},
"cve": "CVE-2019-6820",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6820",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-15887",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "275e0d38-40d0-4c09-b739-ba01427ab4f3",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-158255",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6820",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.2,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6820",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6820",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6820",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-15887",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-932",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "275e0d38-40d0-4c09-b739-ba01427ab4f3",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158255",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-6820",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "275e0d38-40d0-4c09-b739-ba01427ab4f3"
},
{
"db": "CNVD",
"id": "CNVD-2019-15887"
},
{
"db": "VULHUB",
"id": "VHN-158255"
},
{
"db": "VULMON",
"id": "CVE-2019-6820"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004816"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-932"
},
{
"db": "NVD",
"id": "CVE-2019-6820"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2. plural Schneider Electric The product is vulnerable to a lack of authentication for critical functions.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M100 and others are products of Schneider Electric, France. The Schneider Electric Modicon M100 is a programmable logic controller. The Schneider Electric Modicon LMC078 is a motion controller. The Schneider Electric ATV IMC drive controller is a drive controller. An access control error vulnerability exists in several Schneider Electric products. The following products and versions are affected: Schneider Electric Modicon M100 (all versions); Modicon M200 (all versions); Modicon M221 (all versions); ATV IMC drive controller (all versions); Modicon M241 (all versions); Modicon M258 (all versions); Modicon LMC058 (all versions); Modicon LMC078 (all versions); PacDrive Eco (all versions); PacDrive Pro (all versions); PacDrive Pro2 (all versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6820"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004816"
},
{
"db": "CNVD",
"id": "CNVD-2019-15887"
},
{
"db": "IVD",
"id": "275e0d38-40d0-4c09-b739-ba01427ab4f3"
},
{
"db": "VULHUB",
"id": "VHN-158255"
},
{
"db": "VULMON",
"id": "CVE-2019-6820"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6820",
"trust": 3.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-02",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-932",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-15887",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004816",
"trust": 0.8
},
{
"db": "IVD",
"id": "275E0D38-40D0-4C09-B739-BA01427AB4F3",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-158255",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6820",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "275e0d38-40d0-4c09-b739-ba01427ab4f3"
},
{
"db": "CNVD",
"id": "CNVD-2019-15887"
},
{
"db": "VULHUB",
"id": "VHN-158255"
},
{
"db": "VULMON",
"id": "CVE-2019-6820"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004816"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-932"
},
{
"db": "NVD",
"id": "CVE-2019-6820"
}
]
},
"id": "VAR-201905-0036",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "275e0d38-40d0-4c09-b739-ba01427ab4f3"
},
{
"db": "CNVD",
"id": "CNVD-2019-15887"
},
{
"db": "VULHUB",
"id": "VHN-158255"
}
],
"trust": 1.8366883125000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "275e0d38-40d0-4c09-b739-ba01427ab4f3"
},
{
"db": "CNVD",
"id": "CNVD-2019-15887"
}
]
},
"last_update_date": "2024-11-23T23:11:53.057000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-02",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-02/"
},
{
"title": "CVE-2019-6820",
"trust": 0.1,
"url": "https://github.com/AlAIAL90/CVE-2019-6820 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-6820"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004816"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158255"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004816"
},
{
"db": "NVD",
"id": "CVE-2019-6820"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-02/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6820"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6820"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-6820"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2019-6820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15887"
},
{
"db": "VULHUB",
"id": "VHN-158255"
},
{
"db": "VULMON",
"id": "CVE-2019-6820"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004816"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-932"
},
{
"db": "NVD",
"id": "CVE-2019-6820"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "275e0d38-40d0-4c09-b739-ba01427ab4f3"
},
{
"db": "CNVD",
"id": "CNVD-2019-15887"
},
{
"db": "VULHUB",
"id": "VHN-158255"
},
{
"db": "VULMON",
"id": "CVE-2019-6820"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004816"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-932"
},
{
"db": "NVD",
"id": "CVE-2019-6820"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-30T00:00:00",
"db": "IVD",
"id": "275e0d38-40d0-4c09-b739-ba01427ab4f3"
},
{
"date": "2019-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15887"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-158255"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6820"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004816"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-932"
},
{
"date": "2019-05-22T20:29:02.137000",
"db": "NVD",
"id": "CVE-2019-6820"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15887"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-158255"
},
{
"date": "2021-08-26T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6820"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004816"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-932"
},
{
"date": "2024-11-21T04:47:13.107000",
"db": "NVD",
"id": "CVE-2019-6820"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-932"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Schneider Electric Vulnerability related to lack of certification for critical functions in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004816"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "275e0d38-40d0-4c09-b739-ba01427ab4f3"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-932"
}
],
"trust": 0.8
}
}
VAR-202004-1857
Vulnerability from variot - Updated: 2024-11-23 22:21
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. Multiple Modicon products contain a vulnerability related to insufficient verification of data authenticity. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Schneider Electric Modicon M218 Logic Controller and others are programmable logic controllers from the French company Schneider Electric.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1857",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric modicon m241",
"scope": null,
"trust": 1.2,
"vendor": "schneider",
"version": null
},
{
"model": "somachine",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "somachine motion",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "ecostruxure machine expert",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m251",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m258",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m218",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m241",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "ecostruxure machine expert",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m218",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m241",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m251",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m258",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "somachine",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "somachine motion",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m218",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m258",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25703"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004731"
},
{
"db": "NVD",
"id": "CVE-2020-7487"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:ecostruxure_machine_expert",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_M218_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m241_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m251_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m258_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:somachine",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:somachine_motion",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004731"
}
]
},
"cve": "CVE-2020-7487",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-7487",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-004731",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-25703",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-185612",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-7487",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004731",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-7487",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-004731",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-25703",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1944",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-185612",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25703"
},
{
"db": "VULHUB",
"id": "VHN-185612"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004731"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1944"
},
{
"db": "NVD",
"id": "CVE-2020-7487"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. plural Modicon The product contains vulnerabilities to inadequate validation of data reliability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Schneider Electric Modicon M218 Logic Controller, etc. are all programmable logic controllers of French Schneider Electric (Schneider Electric) company",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7487"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004731"
},
{
"db": "CNVD",
"id": "CNVD-2021-25703"
},
{
"db": "VULHUB",
"id": "VHN-185612"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7487",
"trust": 3.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2020-105-02",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004731",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-25703",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1944",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-185612",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25703"
},
{
"db": "VULHUB",
"id": "VHN-185612"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004731"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1944"
},
{
"db": "NVD",
"id": "CVE-2020-7487"
}
]
},
"id": "VAR-202004-1857",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25703"
},
{
"db": "VULHUB",
"id": "VHN-185612"
}
],
"trust": 1.69675325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25703"
}
]
},
"last_update_date": "2024-11-23T22:21:12.206000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2020-105-02",
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-105-02/"
},
{
"title": "Patch for Data forgery vulnerabilities in multiple Schneider Electric products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/256506"
},
{
"title": "Multiple Schneider Electric Product data falsification issues",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117008"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25703"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004731"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1944"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-345",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-185612"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004731"
},
{
"db": "NVD",
"id": "CVE-2020-7487"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7487"
},
{
"trust": 1.7,
"url": "https://www.se.com/ww/en/download/document/sevd-2020-105-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7487"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25703"
},
{
"db": "VULHUB",
"id": "VHN-185612"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004731"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1944"
},
{
"db": "NVD",
"id": "CVE-2020-7487"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-25703"
},
{
"db": "VULHUB",
"id": "VHN-185612"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004731"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1944"
},
{
"db": "NVD",
"id": "CVE-2020-7487"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-25703"
},
{
"date": "2020-04-22T00:00:00",
"db": "VULHUB",
"id": "VHN-185612"
},
{
"date": "2020-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004731"
},
{
"date": "2020-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1944"
},
{
"date": "2020-04-22T19:15:11.653000",
"db": "NVD",
"id": "CVE-2020-7487"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-25703"
},
{
"date": "2022-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-185612"
},
{
"date": "2020-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004731"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1944"
},
{
"date": "2024-11-21T05:37:14.580000",
"db": "NVD",
"id": "CVE-2020-7487"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1944"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Inadequate validation vulnerabilities for data reliability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004731"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1944"
}
],
"trust": 0.6
}
}
VAR-202004-1858
Vulnerability from variot - Updated: 2024-11-23 22:21
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers. Schneider Electric Modicon M218 Logic Controller, etc. are all programmable logic controllers of French Schneider Electric (Schneider Electric) company.
There are security vulnerabilities in many Schneider Electric products
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1858",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "somachine",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "somachine motion",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "ecostruxure machine expert",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m251",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m258",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m218",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m241",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "ecostruxure machine expert",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m218",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m241",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m251",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m258",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "somachine",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "somachine motion",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m218",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m251",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m241",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m258",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25704"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004650"
},
{
"db": "NVD",
"id": "CVE-2020-7488"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:ecostruxure_machine_expert",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_M218_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m241_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m251_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m258_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:somachine",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:schneider_electric:somachine_motion",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004650"
}
]
},
"cve": "CVE-2020-7488",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-7488",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-004650",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-25704",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-185613",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-7488",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004650",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-7488",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-004650",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-25704",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1945",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-185613",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25704"
},
{
"db": "VULHUB",
"id": "VHN-185613"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004650"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1945"
},
{
"db": "NVD",
"id": "CVE-2020-7488"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers. Schneider Electric Modicon M218 Logic Controller, etc. are all programmable logic controllers of French Schneider Electric (Schneider Electric) company. \n\r\n\r\nThere are security vulnerabilities in many Schneider Electric products",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7488"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004650"
},
{
"db": "CNVD",
"id": "CNVD-2021-25704"
},
{
"db": "VULHUB",
"id": "VHN-185613"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7488",
"trust": 3.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2020-105-02",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004650",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1945",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-25704",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-185613",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25704"
},
{
"db": "VULHUB",
"id": "VHN-185613"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004650"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1945"
},
{
"db": "NVD",
"id": "CVE-2020-7488"
}
]
},
"id": "VAR-202004-1858",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25704"
},
{
"db": "VULHUB",
"id": "VHN-185613"
}
],
"trust": 1.69675325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25704"
}
]
},
"last_update_date": "2024-11-23T22:21:12.174000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2020-105-02",
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-105-02/"
},
{
"title": "Patch for Unidentified vulnerabilities exist in many Schneider Electric products (CNVD-2021-25704)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/256501"
},
{
"title": "Multiple Schneider Electric Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117009"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25704"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004650"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1945"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-185613"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004650"
},
{
"db": "NVD",
"id": "CVE-2020-7488"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7488"
},
{
"trust": 1.7,
"url": "https://www.se.com/ww/en/download/document/sevd-2020-105-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7488"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25704"
},
{
"db": "VULHUB",
"id": "VHN-185613"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004650"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1945"
},
{
"db": "NVD",
"id": "CVE-2020-7488"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-25704"
},
{
"db": "VULHUB",
"id": "VHN-185613"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004650"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1945"
},
{
"db": "NVD",
"id": "CVE-2020-7488"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-25704"
},
{
"date": "2020-04-22T00:00:00",
"db": "VULHUB",
"id": "VHN-185613"
},
{
"date": "2020-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004650"
},
{
"date": "2020-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1945"
},
{
"date": "2020-04-22T19:15:11.717000",
"db": "NVD",
"id": "CVE-2020-7488"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-25704"
},
{
"date": "2022-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-185613"
},
{
"date": "2020-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004650"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1945"
},
{
"date": "2024-11-21T05:37:14.697000",
"db": "NVD",
"id": "CVE-2020-7488"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1945"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability in plaintext transmission of critical information in controller",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004650"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1945"
}
],
"trust": 0.6
}
}
VAR-202105-0407
Vulnerability from variot - Updated: 2022-05-06 23:34
Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0407",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m241",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "5.1.9.1"
},
{
"model": "modicon m251",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "5.1.9.1"
},
{
"model": "modicon m251",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m241",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007366"
},
{
"db": "NVD",
"id": "CVE-2021-22699"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1.9.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m241:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1.9.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m241:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m251_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1.9.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m251:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m251_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1.9.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m251:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22699"
}
]
},
"cve": "CVE-2021-22699",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-22699",
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-22699",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-22699",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-22699",
"trust": 1.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1724",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-22699",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22699"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007366"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1724"
},
{
"db": "NVD",
"id": "CVE-2021-22699"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22699"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007366"
},
{
"db": "VULMON",
"id": "CVE-2021-22699"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22699",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2021-130-05",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007366",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1724",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-22699",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22699"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007366"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1724"
},
{
"db": "NVD",
"id": "CVE-2021-22699"
}
]
},
"id": "VAR-202105-0407",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.67708335
},
"last_update_date": "2022-05-06T23:34:13.358000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2021-130-05",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-130-05"
},
{
"title": "Schneider Electric Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=152837"
},
{
"title": "CVE-2021-22699",
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2021-22699 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22699"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007366"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1724"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Incorrect input confirmation (CWE-20) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007366"
},
{
"db": "NVD",
"id": "CVE-2021-22699"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-130-05"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22699"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2021-22699"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22699"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007366"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1724"
},
{
"db": "NVD",
"id": "CVE-2021-22699"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-22699"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007366"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1724"
},
{
"db": "NVD",
"id": "CVE-2021-22699"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22699"
},
{
"date": "2022-02-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007366"
},
{
"date": "2021-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1724"
},
{
"date": "2021-05-26T20:15:00",
"db": "NVD",
"id": "CVE-2021-22699"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22699"
},
{
"date": "2022-02-09T05:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-007366"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1724"
},
{
"date": "2022-02-03T16:14:00",
"db": "NVD",
"id": "CVE-2021-22699"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1724"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Modicon\u00a0M241\u00a0 and \u00a0M251\u00a0 Input verification vulnerability in logic controller firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007366"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1724"
}
],
"trust": 0.6
}
}
CVE-2017-6030 (GCVE-0-2017-6030)
Vulnerability from nvd – Published: 2017-06-30 02:35 – Updated: 2026-06-04 21:40

| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/97254 | vdb-entry, x_refsource_BID |
| https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2017/icsa-17-089-02.json | |

| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | Modicon M221 | Affected: 0, < 1.5.0.0 (custom) |
| Schneider Electric | Modicon M241 | Affected: 0, < 4.0.5.11 (custom) |
| Schneider Electric | Modicon M251 | Affected: 0, < 4.0.5.11 (custom) |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02"
},
{
"name": "97254",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97254"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-6030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T13:20:18.684514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:22:59.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Modicon M221",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "1.5.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon M241",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "4.0.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon M251",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "4.0.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "David Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc. reported the identified vulnerabilities."
}
],
"datePublic": "2017-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA predictable value range from previous values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections.\u003c/p\u003e"
}
],
"value": "A predictable value range from previous values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-343",
"description": "CWE-343",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T21:40:02.867Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02"
},
{
"name": "97254",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97254"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2017/icsa-17-089-02.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric has released new firmware versions to address the predictable value range from previous values vulnerability and the use of insufficiently random values vulnerability, which are available through Schneider Electric\u2019s software update tool, SoMachine, Version 4.2, and SoMachineBasic, Version 1.5. Schneider Electric has not released a product to address the insufficiently protected credentials vulnerability; however, Schneider Electric has provided compensating controls to reduce the risk of exploitation.\u003c/p\u003e\u003cp\u003eSoMachineBasic, Version 1.5, is available at the following location:\u003c/p\u003e\u003cp\u003ehttp://www.schneider-electric.fr/fr/download/document/SOMBASAP15SOFT/\u0026nbsp;\u003c/p\u003e\u003cp\u003eSchneider Electric has provided the following compensating controls to reduce the risk of exploitation of the insufficiently protected credentials vulnerability:\u003c/p\u003e\u003cul\u003e\u003cli\u003eVerify that the hardware and software infrastructure that the PLCs are integrated into (along with all organizational measures and rules covering access to the infrastructure) consider the results of the hazard and risk analysis, and are implemented according to best practices and standards such as ISA/IEC 62443.\u003c/li\u003e\u003cli\u003eLimit traffic on the local network with managed switches\u003c/li\u003e\u003cli\u003eWhere possible, avoid using Wi-Fi networks, but when Wi-Fi is essential, use only secure communications (such as WPA2 encryption)\u003c/li\u003e\u003cli\u003eDo not grant [network] access to unknown computers\u003c/li\u003e\u003cli\u003eWhen remote access is essential, use secure methods such as Virtual Private Networks (VPNs), and ensure the remote access solution(s), as well as the remote computer(s) are kept up-to-date with the latest security patches.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eSchneider Electric has released Security Notifications SEVD-2017-075-01, 
SEVD-2017-075-02, and SEVD-2017-075-03, which provide additional information about the identified vulnerabilities, mitigations, and compensating controls:\u003c/p\u003e\u003cp\u003e\u003ca href=\"http://www.schneider-electric.com/en/download/document/SEVD-2017-075-01/\"\u003ehttp://www.schneider-electric.com/en/download/document/SEVD-2017-075-01/\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"http://www.schneider-electric.com/en/download/document/SEVD-2017-075-02/\"\u003ehttp://www.schneider-electric.com/en/download/document/SEVD-2017-075-02/\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"http://www.schneider-electric.com/en/download/document/SEVD-2017-075-03/\"\u003ehttp://www.schneider-electric.com/en/download/document/SEVD-2017-075-03/\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Schneider Electric has released new firmware versions to address the predictable value range from previous values vulnerability and the use of insufficiently random values vulnerability, which are available through Schneider Electric\u2019s software update tool, SoMachine, Version 4.2, and SoMachineBasic, Version 1.5. Schneider Electric has not released a product to address the insufficiently protected credentials vulnerability; however, Schneider Electric has provided compensating controls to reduce the risk of exploitation.\n\n\n\nSoMachineBasic, Version 1.5, is available at the following location:\n\n\n\nhttp://www.schneider-electric.fr/fr/download/document/SOMBASAP15SOFT/\u00a0\n\n\n\nSchneider Electric has provided the following compensating controls to reduce the risk of exploitation of the insufficiently protected credentials vulnerability:\n\n * Verify that the hardware and software infrastructure that the PLCs are integrated into (along with all organizational measures and rules covering access to the infrastructure) consider the results of the hazard and risk analysis, and are implemented according to best practices and standards such as ISA/IEC 62443.\n * Limit traffic on the local network with managed switches\n * Where possible, avoid using Wi-Fi networks, but when Wi-Fi is essential, use only secure communications (such as WPA2 encryption)\n * Do not grant [network] access to unknown computers\n * When remote access is essential, use secure methods such as Virtual Private Networks (VPNs), and ensure the remote access solution(s), as well as the remote computer(s) are kept up-to-date with the latest security patches.\n\n\n\n\nSchneider Electric has released Security Notifications SEVD-2017-075-01, SEVD-2017-075-02, and SEVD-2017-075-03, which provide additional information about the identified vulnerabilities, mitigations, and compensating controls:\n\n\n\n http://www.schneider-electric.com/en/download/document/SEVD-2017-075-01/ \n\n\n\n 
http://www.schneider-electric.com/en/download/document/SEVD-2017-075-02/ \n\n\n\n http://www.schneider-electric.com/en/download/document/SEVD-2017-075-03/"
}
],
"source": {
"advisory": "ICSA-17-089-02",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric Modicon PLCs Predictable Value Range from Previous Values",
"x_generator": {
"engine": "Vulnogram 1.0.2"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric Modicon PLCs",
"version": {
"version_data": [
{
"version_value": "Schneider Electric Modicon PLCs"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-343"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02"
},
{
"name": "97254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97254"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6030",
"datePublished": "2017-06-30T02:35:00.000Z",
"dateReserved": "2017-02-16T00:00:00.000Z",
"dateUpdated": "2026-06-04T21:40:02.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-6030 (GCVE-0-2017-6030)
Vulnerability from cvelistv5 – Published: 2017-06-30 02:35 – Updated: 2026-06-04 21:40

| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/97254 | vdb-entry, x_refsource_BID |
| https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2017/icsa-17-089-02.json | |

| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | Modicon M221 | Affected: 0, < 1.5.0.0 (custom) |
| Schneider Electric | Modicon M241 | Affected: 0, < 4.0.5.11 (custom) |
| Schneider Electric | Modicon M251 | Affected: 0, < 4.0.5.11 (custom) |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02"
},
{
"name": "97254",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97254"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-6030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T13:20:18.684514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:22:59.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Modicon M221",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "1.5.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon M241",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "4.0.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon M251",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "4.0.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "David Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc. reported the identified vulnerabilities."
}
],
"datePublic": "2017-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA predictable value range from previous values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections.\u003c/p\u003e"
}
],
"value": "A predictable value range from previous values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-343",
"description": "CWE-343",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T21:40:02.867Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02"
},
{
"name": "97254",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97254"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2017/icsa-17-089-02.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric has released new firmware versions to address the predictable value range from previous values vulnerability and the use of insufficiently random values vulnerability, which are available through Schneider Electric\u2019s software update tool, SoMachine, Version 4.2, and SoMachineBasic, Version 1.5. Schneider Electric has not released a product to address the insufficiently protected credentials vulnerability; however, Schneider Electric has provided compensating controls to reduce the risk of exploitation.\u003c/p\u003e\u003cp\u003eSoMachineBasic, Version 1.5, is available at the following location:\u003c/p\u003e\u003cp\u003ehttp://www.schneider-electric.fr/fr/download/document/SOMBASAP15SOFT/\u0026nbsp;\u003c/p\u003e\u003cp\u003eSchneider Electric has provided the following compensating controls to reduce the risk of exploitation of the insufficiently protected credentials vulnerability:\u003c/p\u003e\u003cul\u003e\u003cli\u003eVerify that the hardware and software infrastructure that the PLCs are integrated into (along with all organizational measures and rules covering access to the infrastructure) consider the results of the hazard and risk analysis, and are implemented according to best practices and standards such as ISA/IEC 62443.\u003c/li\u003e\u003cli\u003eLimit traffic on the local network with managed switches\u003c/li\u003e\u003cli\u003eWhere possible, avoid using Wi-Fi networks, but when Wi-Fi is essential, use only secure communications (such as WPA2 encryption)\u003c/li\u003e\u003cli\u003eDo not grant [network] access to unknown computers\u003c/li\u003e\u003cli\u003eWhen remote access is essential, use secure methods such as Virtual Private Networks (VPNs), and ensure the remote access solution(s), as well as the remote computer(s) are kept up-to-date with the latest security patches.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eSchneider Electric has released Security Notifications SEVD-2017-075-01, 
SEVD-2017-075-02, and SEVD-2017-075-03, which provide additional information about the identified vulnerabilities, mitigations, and compensating controls:\u003c/p\u003e\u003cp\u003e\u003ca href=\"http://www.schneider-electric.com/en/download/document/SEVD-2017-075-01/\"\u003ehttp://www.schneider-electric.com/en/download/document/SEVD-2017-075-01/\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"http://www.schneider-electric.com/en/download/document/SEVD-2017-075-02/\"\u003ehttp://www.schneider-electric.com/en/download/document/SEVD-2017-075-02/\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"http://www.schneider-electric.com/en/download/document/SEVD-2017-075-03/\"\u003ehttp://www.schneider-electric.com/en/download/document/SEVD-2017-075-03/\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Schneider Electric has released new firmware versions to address the predictable value range from previous values vulnerability and the use of insufficiently random values vulnerability, which are available through Schneider Electric\u2019s software update tool, SoMachine, Version 4.2, and SoMachineBasic, Version 1.5. Schneider Electric has not released a product to address the insufficiently protected credentials vulnerability; however, Schneider Electric has provided compensating controls to reduce the risk of exploitation.\n\n\n\nSoMachineBasic, Version 1.5, is available at the following location:\n\n\n\nhttp://www.schneider-electric.fr/fr/download/document/SOMBASAP15SOFT/\u00a0\n\n\n\nSchneider Electric has provided the following compensating controls to reduce the risk of exploitation of the insufficiently protected credentials vulnerability:\n\n * Verify that the hardware and software infrastructure that the PLCs are integrated into (along with all organizational measures and rules covering access to the infrastructure) consider the results of the hazard and risk analysis, and are implemented according to best practices and standards such as ISA/IEC 62443.\n * Limit traffic on the local network with managed switches\n * Where possible, avoid using Wi-Fi networks, but when Wi-Fi is essential, use only secure communications (such as WPA2 encryption)\n * Do not grant [network] access to unknown computers\n * When remote access is essential, use secure methods such as Virtual Private Networks (VPNs), and ensure the remote access solution(s), as well as the remote computer(s) are kept up-to-date with the latest security patches.\n\n\n\n\nSchneider Electric has released Security Notifications SEVD-2017-075-01, SEVD-2017-075-02, and SEVD-2017-075-03, which provide additional information about the identified vulnerabilities, mitigations, and compensating controls:\n\n\n\n http://www.schneider-electric.com/en/download/document/SEVD-2017-075-01/ \n\n\n\n 
http://www.schneider-electric.com/en/download/document/SEVD-2017-075-02/ \n\n\n\n http://www.schneider-electric.com/en/download/document/SEVD-2017-075-03/"
}
],
"source": {
"advisory": "ICSA-17-089-02",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric Modicon PLCs Predictable Value Range from Previous Values",
"x_generator": {
"engine": "Vulnogram 1.0.2"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric Modicon PLCs",
"version": {
"version_data": [
{
"version_value": "Schneider Electric Modicon PLCs"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-343"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02"
},
{
"name": "97254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97254"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6030",
"datePublished": "2017-06-30T02:35:00.000Z",
"dateReserved": "2017-02-16T00:00:00.000Z",
"dateUpdated": "2026-06-04T21:40:02.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}