What is the severity of CVE-2017-6030?

CVE-2017-6030 has a medium severity rating due to potential exploitation impacting the reliability of Schneider Electric Modicon PLCs.

How do I fix CVE-2017-6030?

To remediate CVE-2017-6030, upgrade to Schneider Electric Modicon M221 firmware version 1.5.0.0 or higher, Modicon M241 firmware version 4.0.5.11 or higher, or Modicon M251 firmware version 4.0.5.11 or higher.

Who is affected by CVE-2017-6030?

CVE-2017-6030 affects Schneider Electric Modicon M221, M241, and M251 PLCs with specific firmware versions prior to the documented secure versions.

What type of vulnerability is CVE-2017-6030?

CVE-2017-6030 is a Predictable Value Range from Previous Values vulnerability that can allow attackers to predict PLC behavior.

What products are affected by CVE-2017-6030?

The affected products for CVE-2017-6030 include Schneider Electric Modicon M221, M241, and M251 PLCs running vulnerable firmware versions.

Vulnerability/
CVE-2017-6030

medium

6.5

CWE

331 343

30/6/2017

5/8/2024

CVE-2017-6030

First published: Fri Jun 30 2017(Updated: )

A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Schneider Electric Modicon M241	<=4.0.3.20
Schneider Electric Modicon M241
schneider-electric Modicon M251	<=4.0.3.20
Modicon M251
Schneider Electric Modicon M221 Firmware	<=1.1.1.5
Schneider Electric Modicon M221 Firmware

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-6030?
CVE-2017-6030 has a medium severity rating due to potential exploitation impacting the reliability of Schneider Electric Modicon PLCs.
How do I fix CVE-2017-6030?
To remediate CVE-2017-6030, upgrade to Schneider Electric Modicon M221 firmware version 1.5.0.0 or higher, Modicon M241 firmware version 4.0.5.11 or higher, or Modicon M251 firmware version 4.0.5.11 or higher.
Who is affected by CVE-2017-6030?
CVE-2017-6030 affects Schneider Electric Modicon M221, M241, and M251 PLCs with specific firmware versions prior to the documented secure versions.
What type of vulnerability is CVE-2017-6030?
CVE-2017-6030 is a Predictable Value Range from Previous Values vulnerability that can allow attackers to predict PLC behavior.
What products are affected by CVE-2017-6030?
The affected products for CVE-2017-6030 include Schneider Electric Modicon M221, M241, and M251 PLCs running vulnerable firmware versions.

agent/weakness
agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/event
agent/description
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/schneider-electric
canonical/schneider electric modicon m241
version/schneider electric modicon m241/4.0.3.20
canonical/schneider-electric modicon m251
version/schneider-electric modicon m251/4.0.3.20
canonical/modicon m251
canonical/schneider electric modicon m221 firmware
version/schneider electric modicon m221 firmware/1.1.1.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.