CVE-2017-6026

CVE-2017-6026

Vendor N/A
Product Schneider Electric Modicon PLCs
Weakness CWE-330 · Insufficient randomness
Published June 30, 2017
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised.

Key dates

02Disclosure timeline

June 30, 2017 CVE published
August 5, 2024 Record updated