An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2017-06-30T02:35:00

Updated: 2024-08-05T15:18:49.367Z

Reserved: 2017-02-16T00:00:00

Link: CVE-2017-6028

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-06-30T03:29:00.360

Modified: 2024-11-21T03:28:56.143

Link: CVE-2017-6028

cve-icon Redhat

No data.