PT-2017-4198 · Schneider Electric · Modicon M251 +1

David Formby +1 · Published 2017-03-30 · Updated 2022-02-03 · CVE-2017-6028

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Modicon M241: all firmware versions
Modicon M251: all firmware versions

Description

An issue was discovered where log-in credentials are sent over the network with Base64 encoding, leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application. This issue is related to insufficient protection of credentials, which could allow a remote attacker to intercept credentials and gain access to the web application.

Recommendations

For Modicon M241, consider implementing additional security measures to protect log-in credentials, such as encryption or secure transmission protocols, until a patch is available. For Modicon M251, restrict access to the web application and consider using alternative authentication methods to minimize the risk of exploitation. As a temporary workaround, consider disabling remote access to the web application for both Modicon M241 and Modicon M251 until the issue is resolved.
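
An added example, not part of the original advisory: a defender-side audit check that flags log-ins carried as reversible Base64 in cleartext HTTP requests, reporting the account name and password length only. It assumes an HTTP Basic-style `Authorization` header, which the advisory does not specify; the host name, account and sample requests are constructed.

```python
import base64
import binascii
import re

# Constructed credentials and traffic (not taken from a real device).
_TOKEN = base64.b64encode(b"operator:example-pw").decode("ascii")
SAMPLE_REQUESTS = [
    "GET /index.htm HTTP/1.1\r\nHost: plc.example\r\n"
    f"Authorization: Basic {_TOKEN}\r\n\r\n",
    "GET /status.htm HTTP/1.1\r\nHost: plc.example\r\n\r\n",
]

# Assumption: credentials travel in an HTTP Basic-style header.
AUTH_RE = re.compile(
    r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$", re.I | re.M
)


def find_exposed_logins(request_text):
    """Return redacted findings for Base64 credentials in one cleartext request."""
    findings = []
    for match in AUTH_RE.finditer(request_text):
        try:
            # Base64 needs no key: decoding alone recovers the log-in.
            decoded = base64.b64decode(match.group(1), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid Base64 text, so not a credential pair
        user, sep, password = decoded.partition(":")
        if sep:
            # Record only the length so the report does not leak the secret.
            findings.append({"user": user, "password_len": len(password)})
    return findings


def audit(requests):
    """Return (request index, findings) for every request exposing a log-in."""
    results = []
    for index, text in enumerate(requests):
        found = find_exposed_logins(text)
        if found:
            results.append((index, found))
    return results


if __name__ == "__main__":
    for index, found in audit(SAMPLE_REQUESTS):
        print(f"request {index}: credentials recoverable without a key: {found}")
```
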

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

BDU:2022-04700
CVE-2017-6028

Affected Products

Modicon M241
Modicon M251