What is the severity of CVE-2017-6028?

CVE-2017-6028 is classified as a high severity vulnerability due to its risk of credential exposure.

How do I fix CVE-2017-6028?

To fix CVE-2017-6028, implement secure communication methods such as encryption to protect login credentials.

What devices are affected by CVE-2017-6028?

CVE-2017-6028 affects Schneider Electric Modicon M241 and Modicon M251 PLCs across all firmware versions.

What types of credentials are at risk in CVE-2017-6028?

CVE-2017-6028 risks the exposure of login credentials that are transmitted using Base64 encoding.

Is it possible to mitigate CVE-2017-6028 without a firmware update?

Yes, you can mitigate CVE-2017-6028 by employing network security measures such as VPNs or firewalls.

Vulnerability/
CVE-2017-6028

critical

9.8

CWE

522

30/6/2017

5/8/2024

CVE-2017-6028

First published: Fri Jun 30 2017(Updated: )

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Schneider Electric Modicon M241	<=4.0.3.20
Schneider Electric Modicon M241
schneider-electric Modicon M251 firmware	<=4.0.3.20
schneider-electric Modicon M251

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-6028?
CVE-2017-6028 is classified as a high severity vulnerability due to its risk of credential exposure.
How do I fix CVE-2017-6028?
To fix CVE-2017-6028, implement secure communication methods such as encryption to protect login credentials.
What devices are affected by CVE-2017-6028?
CVE-2017-6028 affects Schneider Electric Modicon M241 and Modicon M251 PLCs across all firmware versions.
What types of credentials are at risk in CVE-2017-6028?
CVE-2017-6028 risks the exposure of login credentials that are transmitted using Base64 encoding.
Is it possible to mitigate CVE-2017-6028 without a firmware update?
Yes, you can mitigate CVE-2017-6028 by employing network security measures such as VPNs or firewalls.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/weakness
agent/severity
agent/event
agent/description
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/schneider-electric
canonical/schneider electric modicon m241
version/schneider electric modicon m241/4.0.3.20
canonical/schneider-electric modicon m251 firmware
version/schneider-electric modicon m251 firmware/4.0.3.20
canonical/schneider-electric modicon m251

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.