PT-2017-16842 · Schneider Electric · Modicon M251+1
Deneut Tijl
+1
·
Publicado
2017-06-30
·
Atualizado
2022-02-02
·
CVE-2017-6026
CVSS v3.1
9.1
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Modicon M241 versions prior to 4.0.5.11
Modicon M251 versions prior to 4.0.5.11
Description
A Use of Insufficiently Random Values issue was discovered, where the session numbers generated by the web application lack randomization and are shared between several users. This may allow a current session to be compromised.
Recommendations
For Modicon M241 versions prior to 4.0.5.11, update to version 4.0.5.11 or later to resolve the issue.
For Modicon M251 versions prior to 4.0.5.11, update to version 4.0.5.11 or later to resolve the issue.
Exploit
Correção
Use of Insufficiently Random Values
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Modicon M241
Modicon M251