var-201706-0460
Vulnerability from variot
An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Schneider Electric Modicon PLC has a multi-authentication bypass vulnerability that allows an attacker accessing the OT network to intercept traffic to the target PLC, including the session identifier required to send management commands to the device. An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0460",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modbus",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "modbus",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon plc",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "modicon modbus protocol",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modbus",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7"
},
{
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"db": "BID",
"id": "97562"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1002"
},
{
"db": "NVD",
"id": "CVE-2017-6034"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modbus_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eran Goldstein of CRITIFENCE",
"sources": [
{
"db": "BID",
"id": "97562"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1002"
}
],
"trust": 0.9
},
"cve": "CVE-2017-6034",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-6034",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-04918",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-114237",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6034",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6034",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-6034",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-04918",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1002",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-114237",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7"
},
{
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"db": "VULHUB",
"id": "VHN-114237"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1002"
},
{
"db": "NVD",
"id": "CVE-2017-6034"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Schneider Electric Modicon PLC has a multi-authentication bypass vulnerability that allows an attacker accessing the OT network to intercept traffic to the target PLC, including the session identifier required to send management commands to the device. \nAn attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6034"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"db": "BID",
"id": "97562"
},
{
"db": "IVD",
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7"
},
{
"db": "VULHUB",
"id": "VHN-114237"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6034",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-101-01",
"trust": 2.8
},
{
"db": "BID",
"id": "97562",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1002",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-04918",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005265",
"trust": 0.8
},
{
"db": "IVD",
"id": "6B623B8A-FA15-49A1-A6C9-6BB9DA206DA7",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-114237",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7"
},
{
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"db": "VULHUB",
"id": "VHN-114237"
},
{
"db": "BID",
"id": "97562"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1002"
},
{
"db": "NVD",
"id": "CVE-2017-6034"
}
]
},
"id": "VAR-201706-0460",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7"
},
{
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"db": "VULHUB",
"id": "VHN-114237"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7"
},
{
"db": "CNVD",
"id": "CNVD-2017-04918"
}
]
},
"last_update_date": "2024-11-23T22:45:39.057000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2017-065-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-065-01"
},
{
"title": "Patch for Schneider Electric Modicon PLC Multi-Factor Authentication Bypass Vulnerability (CNVD-2017-04918)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/92239"
},
{
"title": "Schneider Electric Modicon Modbus Protocol Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70261"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1002"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
},
{
"problemtype": "CWE-294",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114237"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"db": "NVD",
"id": "CVE-2017-6034"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-101-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/97562"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6034"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6034"
},
{
"trust": 0.6,
"url": "http://securityaffairs.co/wordpress/57731/malware/clearenergy-ransomware-scada.html"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"db": "VULHUB",
"id": "VHN-114237"
},
{
"db": "BID",
"id": "97562"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1002"
},
{
"db": "NVD",
"id": "CVE-2017-6034"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7"
},
{
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"db": "VULHUB",
"id": "VHN-114237"
},
{
"db": "BID",
"id": "97562"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1002"
},
{
"db": "NVD",
"id": "CVE-2017-6034"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-21T00:00:00",
"db": "IVD",
"id": "6b623b8a-fa15-49a1-a6c9-6bb9da206da7"
},
{
"date": "2017-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"date": "2017-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-114237"
},
{
"date": "2017-04-11T00:00:00",
"db": "BID",
"id": "97562"
},
{
"date": "2017-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"date": "2017-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1002"
},
{
"date": "2017-06-30T03:29:00.453000",
"db": "NVD",
"id": "CVE-2017-6034"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04918"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-114237"
},
{
"date": "2017-04-18T08:04:00",
"db": "BID",
"id": "97562"
},
{
"date": "2017-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005265"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1002"
},
{
"date": "2024-11-21T03:28:56.933000",
"db": "NVD",
"id": "CVE-2017-6034"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1002"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon Modbus Protocol Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005265"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1002"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…