CRITICAL🇵🇱 Wersja polska

CVE-2017-6026

CVSS 9.1v3.1pub. 2017-06-30upd. 2026-05-13

A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Schneider Electric Modicon M241

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M241 Firmware

    OS
    Schneider-Electric
    ≤ 4.0.3.20
  • Schneider Electric Modicon M251

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M251 Firmware

    OS
    Schneider-Electric
    ≤ 4.0.3.20
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-7487CRITICAL9.8ten sam produkt

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker ...

CVE-2017-6028CRITICAL9.8ten sam produkt

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, ...

CVE-2021-22699HIGH7.5ten sam produkt

Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9...

CVE-2020-7488HIGH7.5ten sam produkt

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive inf...

CVE-2019-6820HIGH8.2ten sam produkt

A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification ...