Search criteria
4 vulnerabilities found for Modicon Modbus Protocol by Schneider Electric
VAR-201706-0460
Vulnerability from variot - Updated: 2025-04-20 23:04An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Schneider Electric Modicon PLC has a multi-authentication bypass vulnerability that allows an attacker accessing the OT network to intercept traffic to the target PLC, including the session identifier required to send management commands to the device. An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0460",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modbus",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "modbus",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon plc",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "modicon modbus protocol",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modbus",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7"
},
{
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"db": "BID",
"id": "97562"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1002"
},
{
"db": "NVD",
"id": "CVE-2017-6034"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modbus_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eran Goldstein of CRITIFENCE",
"sources": [
{
"db": "BID",
"id": "97562"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1002"
}
],
"trust": 0.9
},
"cve": "CVE-2017-6034",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-6034",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-04918",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-114237",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6034",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6034",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-6034",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-04918",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1002",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-114237",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7"
},
{
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"db": "VULHUB",
"id": "VHN-114237"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1002"
},
{
"db": "NVD",
"id": "CVE-2017-6034"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Schneider Electric Modicon PLC has a multi-authentication bypass vulnerability that allows an attacker accessing the OT network to intercept traffic to the target PLC, including the session identifier required to send management commands to the device. \nAn attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6034"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"db": "BID",
"id": "97562"
},
{
"db": "IVD",
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7"
},
{
"db": "VULHUB",
"id": "VHN-114237"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6034",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-101-01",
"trust": 2.8
},
{
"db": "BID",
"id": "97562",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1002",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-04918",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005265",
"trust": 0.8
},
{
"db": "IVD",
"id": "6B623B8A-FA15-49A1-A6C9-6BB9DA206DA7",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-114237",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7"
},
{
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"db": "VULHUB",
"id": "VHN-114237"
},
{
"db": "BID",
"id": "97562"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1002"
},
{
"db": "NVD",
"id": "CVE-2017-6034"
}
]
},
"id": "VAR-201706-0460",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7"
},
{
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"db": "VULHUB",
"id": "VHN-114237"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7"
},
{
"db": "CNVD",
"id": "CNVD-2017-04918"
}
]
},
"last_update_date": "2025-04-20T23:04:56.369000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2017-065-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-065-01"
},
{
"title": "Patch for Schneider Electric Modicon PLC Multi-Factor Authentication Bypass Vulnerability (CNVD-2017-04918)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/92239"
},
{
"title": "Schneider Electric Modicon Modbus Protocol Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70261"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1002"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
},
{
"problemtype": "CWE-294",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114237"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"db": "NVD",
"id": "CVE-2017-6034"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-101-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/97562"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6034"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6034"
},
{
"trust": 0.6,
"url": "http://securityaffairs.co/wordpress/57731/malware/clearenergy-ransomware-scada.html"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"db": "VULHUB",
"id": "VHN-114237"
},
{
"db": "BID",
"id": "97562"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1002"
},
{
"db": "NVD",
"id": "CVE-2017-6034"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7"
},
{
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"db": "VULHUB",
"id": "VHN-114237"
},
{
"db": "BID",
"id": "97562"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1002"
},
{
"db": "NVD",
"id": "CVE-2017-6034"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-21T00:00:00",
"db": "IVD",
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7"
},
{
"date": "2017-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"date": "2017-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-114237"
},
{
"date": "2017-04-11T00:00:00",
"db": "BID",
"id": "97562"
},
{
"date": "2017-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"date": "2017-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1002"
},
{
"date": "2017-06-30T03:29:00.453000",
"db": "NVD",
"id": "CVE-2017-6034"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-114237"
},
{
"date": "2017-04-18T08:04:00",
"db": "BID",
"id": "97562"
},
{
"date": "2017-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1002"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6034"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1002"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon Modbus Protocol Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1002"
}
],
"trust": 0.6
}
}
VAR-201706-0459
Vulnerability from variot - Updated: 2025-04-20 23:04A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Schneider Electric Modicon PLC has a multi-factor authentication bypass vulnerability. Once the session key is transmitted in clear text, the attacker can replay the request and add arbitrary commands, including starting and stopping the PLC, and downloading its ladder diagram. An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Attackers can exploit this vulnerability to implement brute force attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0459",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modbus",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "modbus",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon plc",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "modicon modbus protocol",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modbus",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "a2ad11b3-ca53-436e-80f3-47c4077e853c"
},
{
"db": "CNVD",
"id": "CNVD-2017-04917"
},
{
"db": "BID",
"id": "97562"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005264"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1003"
},
{
"db": "NVD",
"id": "CVE-2017-6032"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modbus_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005264"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eran Goldstein of CRITIFENCE",
"sources": [
{
"db": "BID",
"id": "97562"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1003"
}
],
"trust": 0.9
},
"cve": "CVE-2017-6032",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-6032",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-04917",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "a2ad11b3-ca53-436e-80f3-47c4077e853c",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-114235",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6032",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6032",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-6032",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-04917",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1003",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a2ad11b3-ca53-436e-80f3-47c4077e853c",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-114235",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a2ad11b3-ca53-436e-80f3-47c4077e853c"
},
{
"db": "CNVD",
"id": "CNVD-2017-04917"
},
{
"db": "VULHUB",
"id": "VHN-114235"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005264"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1003"
},
{
"db": "NVD",
"id": "CVE-2017-6032"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Schneider Electric Modicon PLC has a multi-factor authentication bypass vulnerability. Once the session key is transmitted in clear text, the attacker can replay the request and add arbitrary commands, including starting and stopping the PLC, and downloading its ladder diagram. \nAn attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Attackers can exploit this vulnerability to implement brute force attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6032"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005264"
},
{
"db": "CNVD",
"id": "CNVD-2017-04917"
},
{
"db": "BID",
"id": "97562"
},
{
"db": "IVD",
"id": "a2ad11b3-ca53-436e-80f3-47c4077e853c"
},
{
"db": "VULHUB",
"id": "VHN-114235"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6032",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-101-01",
"trust": 2.8
},
{
"db": "BID",
"id": "97562",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1003",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-04917",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005264",
"trust": 0.8
},
{
"db": "IVD",
"id": "A2AD11B3-CA53-436E-80F3-47C4077E853C",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-114235",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a2ad11b3-ca53-436e-80f3-47c4077e853c"
},
{
"db": "CNVD",
"id": "CNVD-2017-04917"
},
{
"db": "VULHUB",
"id": "VHN-114235"
},
{
"db": "BID",
"id": "97562"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005264"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1003"
},
{
"db": "NVD",
"id": "CVE-2017-6032"
}
]
},
"id": "VAR-201706-0459",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a2ad11b3-ca53-436e-80f3-47c4077e853c"
},
{
"db": "CNVD",
"id": "CNVD-2017-04917"
},
{
"db": "VULHUB",
"id": "VHN-114235"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a2ad11b3-ca53-436e-80f3-47c4077e853c"
},
{
"db": "CNVD",
"id": "CNVD-2017-04917"
}
]
},
"last_update_date": "2025-04-20T23:04:56.330000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2017-065-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-065-01"
},
{
"title": "Schneider Electric Modicon PLC Multi-Factor Authentication Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/92240"
},
{
"title": "Schneider Electric Modicon Modbus Protocol Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70262"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04917"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005264"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1003"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-358",
"trust": 1.9
},
{
"problemtype": "CWE-657",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114235"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005264"
},
{
"db": "NVD",
"id": "CVE-2017-6032"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-101-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/97562"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6032"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6032"
},
{
"trust": 0.6,
"url": "http://securityaffairs.co/wordpress/57731/malware/clearenergy-ransomware-scada.html"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04917"
},
{
"db": "VULHUB",
"id": "VHN-114235"
},
{
"db": "BID",
"id": "97562"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005264"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1003"
},
{
"db": "NVD",
"id": "CVE-2017-6032"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a2ad11b3-ca53-436e-80f3-47c4077e853c"
},
{
"db": "CNVD",
"id": "CNVD-2017-04917"
},
{
"db": "VULHUB",
"id": "VHN-114235"
},
{
"db": "BID",
"id": "97562"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005264"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1003"
},
{
"db": "NVD",
"id": "CVE-2017-6032"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-21T00:00:00",
"db": "IVD",
"id": "a2ad11b3-ca53-436e-80f3-47c4077e853c"
},
{
"date": "2017-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04917"
},
{
"date": "2017-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-114235"
},
{
"date": "2017-04-11T00:00:00",
"db": "BID",
"id": "97562"
},
{
"date": "2017-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005264"
},
{
"date": "2017-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1003"
},
{
"date": "2017-06-30T03:29:00.423000",
"db": "NVD",
"id": "CVE-2017-6032"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04917"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-114235"
},
{
"date": "2017-04-18T08:04:00",
"db": "BID",
"id": "97562"
},
{
"date": "2017-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005264"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1003"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6032"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1003"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon PLC Multi-factor authentication bypass vulnerability",
"sources": [
{
"db": "IVD",
"id": "a2ad11b3-ca53-436e-80f3-47c4077e853c"
},
{
"db": "CNVD",
"id": "CNVD-2017-04917"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1003"
}
],
"trust": 0.6
}
}
CVE-2017-6034 (GCVE-0-2017-6034)
Vulnerability from nvd – Published: 2017-06-30 02:35 – Updated: 2026-06-04 21:07
VLAI
Title
Schneider Electric Modicon Modbus Protocol Authentication Bypass by Capture-replay
Summary
An authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
4 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | Modicon Modbus Protocol |
Affected:
all versions
|
Date Public
2017-06-29 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01"
},
{
"name": "97562",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97562"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-6034",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T19:09:00.802921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T19:09:05.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Modicon Modbus Protocol",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Eran Goldstein of CRITIFENCE reported the identified vulnerabilities."
}
],
"datePublic": "2017-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download.\u003c/p\u003e"
}
],
"value": "An authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T21:07:21.157Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01"
},
{
"name": "97562",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97562"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2017/icsa-17-101-01.json"
},
{
"url": "https://www.se.com/us/en/download/document/SEVD-2017-065-01/"
}
],
"source": {
"advisory": "ICSA-17-101-01",
"discovery": "UNKNOWN"
},
"title": "Schneider Electric Modicon Modbus Protocol Authentication Bypass by Capture-replay",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric has reported that they have introduced compensating controls to limit the exploitability of the identified vulnerabilities in many of the PLCs in the Modicon family; however, Schneider Electric recommends that users apply security measures to improve resiliency.\u003c/p\u003e\u003cp\u003eSchneider Electric\u2019s Momentum M1E controllers (all versions of model 171CBU98090 and all versions of model 171CBU98091) do not have built-in compensating controls to limit the exploitability of the identified vulnerabilities and Schneider Electric instructs users to take the following defensive measures:\u003c/p\u003e\u003cul\u003e\u003cli\u003eProtect access to M1E controllers by a firewall blocking all remote/external access to Port 502.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eSchneider Electric reports that Modicon M340, M580, Premium and Quantum users should take one or more of the following defensive measures:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnable protection based on an authentication to connect to PLC. This method relies on a feature named Application Password. Once enabled, password-based authentication is required whenever a user connects to change their application program;\u003c/li\u003e\u003cli\u003eEnable protection relying on an input (M340, Premium, Quantum) or a key switch in the front panel (Quantum) to reject remote connection or run/stop commands; and\u003c/li\u003e\u003cli\u003eEnable the \u201cAccess Control List protection,\u201d where users are able to configure the restricted IP addresses that are pre-authorized to control the PLC.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor additional information, Schneider Electric has released a Cybersecurity Notification, which is available at the following location:\u003c/p\u003e\u003cp\u003ehttps://www.se.com/us/en/download/document/SEVD-2017-065-01/\u0026nbsp;\u003c/p\u003e"
}
],
"value": "Schneider Electric has reported that they have introduced compensating controls to limit the exploitability of the identified vulnerabilities in many of the PLCs in the Modicon family; however, Schneider Electric recommends that users apply security measures to improve resiliency.\n\n\n\nSchneider Electric\u2019s Momentum M1E controllers (all versions of model 171CBU98090 and all versions of model 171CBU98091) do not have built-in compensating controls to limit the exploitability of the identified vulnerabilities and Schneider Electric instructs users to take the following defensive measures:\n\n * Protect access to M1E controllers by a firewall blocking all remote/external access to Port 502.\n\n\n\n\nSchneider Electric reports that Modicon M340, M580, Premium and Quantum users should take one or more of the following defensive measures:\n\n * Enable protection based on an authentication to connect to PLC. This method relies on a feature named Application Password. Once enabled, password-based authentication is required whenever a user connects to change their application program;\n * Enable protection relying on an input (M340, Premium, Quantum) or a key switch in the front panel (Quantum) to reject remote connection or run/stop commands; and\n * Enable the \u201cAccess Control List protection,\u201d where users are able to configure the restricted IP addresses that are pre-authorized to control the PLC.\n\n\n\n\nFor additional information, Schneider Electric has released a Cybersecurity Notification, which is available at the following location:\n\n\n\nhttps://www.se.com/us/en/download/document/SEVD-2017-065-01/"
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric Modicon Modbus Protocol",
"version": {
"version_data": [
{
"version_value": "Schneider Electric Modicon Modbus Protocol"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-294"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01"
},
{
"name": "97562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97562"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6034",
"datePublished": "2017-06-30T02:35:00.000Z",
"dateReserved": "2017-02-16T00:00:00.000Z",
"dateUpdated": "2026-06-04T21:07:21.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-6034 (GCVE-0-2017-6034)
Vulnerability from cvelistv5 – Published: 2017-06-30 02:35 – Updated: 2026-06-04 21:07
VLAI
Title
Schneider Electric Modicon Modbus Protocol Authentication Bypass by Capture-replay
Summary
An authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
4 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | Modicon Modbus Protocol |
Affected:
all versions
|
Date Public
2017-06-29 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01"
},
{
"name": "97562",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97562"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-6034",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T19:09:00.802921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T19:09:05.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Modicon Modbus Protocol",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Eran Goldstein of CRITIFENCE reported the identified vulnerabilities."
}
],
"datePublic": "2017-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download.\u003c/p\u003e"
}
],
"value": "An authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T21:07:21.157Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01"
},
{
"name": "97562",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97562"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2017/icsa-17-101-01.json"
},
{
"url": "https://www.se.com/us/en/download/document/SEVD-2017-065-01/"
}
],
"source": {
"advisory": "ICSA-17-101-01",
"discovery": "UNKNOWN"
},
"title": "Schneider Electric Modicon Modbus Protocol Authentication Bypass by Capture-replay",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric has reported that they have introduced compensating controls to limit the exploitability of the identified vulnerabilities in many of the PLCs in the Modicon family; however, Schneider Electric recommends that users apply security measures to improve resiliency.\u003c/p\u003e\u003cp\u003eSchneider Electric\u2019s Momentum M1E controllers (all versions of model 171CBU98090 and all versions of model 171CBU98091) do not have built-in compensating controls to limit the exploitability of the identified vulnerabilities and Schneider Electric instructs users to take the following defensive measures:\u003c/p\u003e\u003cul\u003e\u003cli\u003eProtect access to M1E controllers by a firewall blocking all remote/external access to Port 502.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eSchneider Electric reports that Modicon M340, M580, Premium and Quantum users should take one or more of the following defensive measures:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnable protection based on an authentication to connect to PLC. This method relies on a feature named Application Password. Once enabled, password-based authentication is required whenever a user connects to change their application program;\u003c/li\u003e\u003cli\u003eEnable protection relying on an input (M340, Premium, Quantum) or a key switch in the front panel (Quantum) to reject remote connection or run/stop commands; and\u003c/li\u003e\u003cli\u003eEnable the \u201cAccess Control List protection,\u201d where users are able to configure the restricted IP addresses that are pre-authorized to control the PLC.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor additional information, Schneider Electric has released a Cybersecurity Notification, which is available at the following location:\u003c/p\u003e\u003cp\u003ehttps://www.se.com/us/en/download/document/SEVD-2017-065-01/\u0026nbsp;\u003c/p\u003e"
}
],
"value": "Schneider Electric has reported that they have introduced compensating controls to limit the exploitability of the identified vulnerabilities in many of the PLCs in the Modicon family; however, Schneider Electric recommends that users apply security measures to improve resiliency.\n\n\n\nSchneider Electric\u2019s Momentum M1E controllers (all versions of model 171CBU98090 and all versions of model 171CBU98091) do not have built-in compensating controls to limit the exploitability of the identified vulnerabilities and Schneider Electric instructs users to take the following defensive measures:\n\n * Protect access to M1E controllers by a firewall blocking all remote/external access to Port 502.\n\n\n\n\nSchneider Electric reports that Modicon M340, M580, Premium and Quantum users should take one or more of the following defensive measures:\n\n * Enable protection based on an authentication to connect to PLC. This method relies on a feature named Application Password. Once enabled, password-based authentication is required whenever a user connects to change their application program;\n * Enable protection relying on an input (M340, Premium, Quantum) or a key switch in the front panel (Quantum) to reject remote connection or run/stop commands; and\n * Enable the \u201cAccess Control List protection,\u201d where users are able to configure the restricted IP addresses that are pre-authorized to control the PLC.\n\n\n\n\nFor additional information, Schneider Electric has released a Cybersecurity Notification, which is available at the following location:\n\n\n\nhttps://www.se.com/us/en/download/document/SEVD-2017-065-01/"
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric Modicon Modbus Protocol",
"version": {
"version_data": [
{
"version_value": "Schneider Electric Modicon Modbus Protocol"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-294"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01"
},
{
"name": "97562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97562"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6034",
"datePublished": "2017-06-30T02:35:00.000Z",
"dateReserved": "2017-02-16T00:00:00.000Z",
"dateUpdated": "2026-06-04T21:07:21.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}