Details of VAR-201706-0456

ID

VAR-201706-0456

CVE

CVE-2017-6026

TITLE

Schneider Electric Modicon PLC Modicon M241 and M251 Vulnerability related to insufficient random values in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-005287

DESCRIPTION

A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised. Schneider-Electric Modicon M251 and others are programmable controller products from Schneider Electric. Security vulnerabilities exist in several Schneider Electric Modicon products. Successfully exploiting these issues may allow attackers to obtain sensitive information or perform unauthorized actions. This may lead to other attacks

Trust: 2.79

sources: NVD: CVE-2017-6026 // JVNDB: JVNDB-2017-005287 // CNVD: CNVD-2017-09890 // BID: 97254 // IVD: b2e725eb-bf44-40df-91c3-adc24e4992ec // VULHUB: VHN-114229 // VULMON: CVE-2017-6026

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: b2e725eb-bf44-40df-91c3-adc24e4992ec // CNVD: CNVD-2017-09890

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modicon m241	scope:	lte	version:	4.0.3.20	Trust: 1.0
vendor:	schneider electric	model:	modicon m251	scope:	lte	version:	4.0.3.20	Trust: 1.0
vendor:	schneider electric	model:	modicon m241	scope:	lt	version:	4.0.5.11	Trust: 0.8
vendor:	schneider electric	model:	modicon m251	scope:	lt	version:	4.0.5.11	Trust: 0.8
vendor:	schneider	model:	electric modicon m251	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon m241	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon m221	scope:	-	version:	-	Trust: 0.6
vendor:	schneider electric	model:	modicon m241	scope:	eq	version:	4.0.3.20	Trust: 0.6
vendor:	schneider electric	model:	modicon m251	scope:	eq	version:	4.0.3.20	Trust: 0.6
vendor:	schneider electric	model:	modicon m251	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	modicon m241	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	modicon m221	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	modicon m251	scope:	ne	version:	4.0.5.11	Trust: 0.3
vendor:	schneider electric	model:	modicon m241	scope:	ne	version:	4.0.5.11	Trust: 0.3
vendor:	schneider electric	model:	modicon m221	scope:	ne	version:	1.5.0.0	Trust: 0.3
vendor:	modicon m251	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	modicon m241	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: b2e725eb-bf44-40df-91c3-adc24e4992ec // CNVD: CNVD-2017-09890 // BID: 97254 // JVNDB: JVNDB-2017-005287 // CNNVD: CNNVD-201702-586 // NVD: CVE-2017-6026

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6026
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-6026
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-09890
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201702-586
value:	CRITICAL
Trust: 0.6
IVD:	b2e725eb-bf44-40df-91c3-adc24e4992ec
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-114229
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-6026
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6026
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-09890
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	b2e725eb-bf44-40df-91c3-adc24e4992ec
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-114229
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6026
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2017-6026
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: b2e725eb-bf44-40df-91c3-adc24e4992ec // CNVD: CNVD-2017-09890 // VULHUB: VHN-114229 // VULMON: CVE-2017-6026 // JVNDB: JVNDB-2017-005287 // CNNVD: CNNVD-201702-586 // NVD: CVE-2017-6026

PROBLEMTYPE DATA

problemtype:

CWE-330

Trust: 1.9

sources: VULHUB: VHN-114229 // JVNDB: JVNDB-2017-005287 // NVD: CVE-2017-6026

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-586

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201702-586

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005287

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-114229

PATCH

title:	SEVD-2017-075-02	url:	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-075-02	Trust: 0.8
title:	Patch for multiple Schneider Electric Modicon product session fixation vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/95625	Trust: 0.6
title:	Schneider Electric Modicon PLCs Modicon M241 and Modicon M251 Fixing measures for security feature vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160265	Trust: 0.6
title:	CVE-2017-6026	url:	https://github.com/AlAIAL90/CVE-2017-6026	Trust: 0.1

sources: CNVD: CNVD-2017-09890 // VULMON: CVE-2017-6026 // JVNDB: JVNDB-2017-005287 // CNNVD: CNNVD-201702-586

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6026	Trust: 3.7
db:	ICS CERT	id:	ICSA-17-089-02	Trust: 2.9
db:	BID	id:	97254	Trust: 2.7
db:	EXPLOIT-DB	id:	45918	Trust: 1.8
db:	CNNVD	id:	CNNVD-201702-586	Trust: 0.9
db:	CNVD	id:	CNVD-2017-09890	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-005287	Trust: 0.8
db:	IVD	id:	B2E725EB-BF44-40DF-91C3-ADC24E4992EC	Trust: 0.2
db:	PACKETSTORM	id:	150551	Trust: 0.1
db:	VULHUB	id:	VHN-114229	Trust: 0.1
db:	VULMON	id:	CVE-2017-6026	Trust: 0.1

sources: IVD: b2e725eb-bf44-40df-91c3-adc24e4992ec // CNVD: CNVD-2017-09890 // VULHUB: VHN-114229 // VULMON: CVE-2017-6026 // BID: 97254 // JVNDB: JVNDB-2017-005287 // CNNVD: CNNVD-201702-586 // NVD: CVE-2017-6026

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-089-02	Trust: 3.0
url:	http://www.securityfocus.com/bid/97254	Trust: 2.4
url:	https://www.exploit-db.com/exploits/45918/	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6026	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6026	Trust: 0.8
url:	http://www.schneider-electric.com/products/ww/en/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/330.html	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=53311	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2017-09890 // VULHUB: VHN-114229 // VULMON: CVE-2017-6026 // BID: 97254 // JVNDB: JVNDB-2017-005287 // CNNVD: CNNVD-201702-586 // NVD: CVE-2017-6026

CREDITS

David Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc

Trust: 0.3

sources: BID: 97254

SOURCES

db:	IVD	id:	b2e725eb-bf44-40df-91c3-adc24e4992ec
db:	CNVD	id:	CNVD-2017-09890
db:	VULHUB	id:	VHN-114229
db:	VULMON	id:	CVE-2017-6026
db:	BID	id:	97254
db:	JVNDB	id:	JVNDB-2017-005287
db:	CNNVD	id:	CNNVD-201702-586
db:	NVD	id:	CVE-2017-6026

LAST UPDATE DATE

2024-11-23T21:54:00.502000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-09890	date:	2017-06-16T00:00:00
db:	VULHUB	id:	VHN-114229	date:	2018-12-01T00:00:00
db:	VULMON	id:	CVE-2017-6026	date:	2021-08-26T00:00:00
db:	BID	id:	97254	date:	2017-04-04T00:02:00
db:	JVNDB	id:	JVNDB-2017-005287	date:	2017-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201702-586	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2017-6026	date:	2024-11-21T03:28:55.890

SOURCES RELEASE DATE

db:	IVD	id:	b2e725eb-bf44-40df-91c3-adc24e4992ec	date:	2017-06-16T00:00:00
db:	CNVD	id:	CNVD-2017-09890	date:	2017-06-16T00:00:00
db:	VULHUB	id:	VHN-114229	date:	2017-06-30T00:00:00
db:	VULMON	id:	CVE-2017-6026	date:	2017-06-30T00:00:00
db:	BID	id:	97254	date:	2017-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2017-005287	date:	2017-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201702-586	date:	2017-02-17T00:00:00
db:	NVD	id:	CVE-2017-6026	date:	2017-06-30T03:29:00.327