← back
CVE-2017-6026

CVE-2017-6026

EPSS 31.8%CWE-330
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised.
Affected products
n/a · Schneider Electric Modicon PLCs
public PoCs found2
cve_referencewww.exploit-db.com/exploits/45918/unverifiedexploitdbwww.exploit-db.com/exploits/45918unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02https://www.exploit-db.com/exploits/45918/http://www.securityfocus.com/bid/97254