CVE-2017-6030

CVE-2017-6030: Schneider Electric Modicon PLCs Predictable Value Range from Previous Values

Vendor Schneider Electric
Product Modicon M221
Weakness CWE-343
Published June 30, 2017
Last update June 4, 2026

CVSS base score

What the vulnerability does

01Description

A predictable value range from previous values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections.

Key dates

02Disclosure timeline

June 30, 2017 CVE published
June 4, 2026 Record updated