CVE-2017-6034

EPSS 0.16%
Veröffentlicht 30.06.2017 03:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Schneider-electric ≫ Modbus Firmware Version-

Schneider-electric ≫ Modbus Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.342

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-294 Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

http://www.securityfocus.com/bid/97562

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2017-6034

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-6034

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-6034

EUVD