A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2024-08-05T15:18:49.435Z
Reserved: 2017-02-16T00:00:00
Link: CVE-2017-6026

No data.

Status : Deferred
Published: 2017-06-30T03:29:00.327
Modified: 2025-04-20T01:37:25.860
Link: CVE-2017-6026

No data.

No data.