An authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSchneider Electric Modbus
HWSchneider-Electricwszystkie wersjeSchneider Electric Modbus Firmware
OSSchneider-Electricwszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
Related vulnerabilities
CVE-2017-6032MEDIUM5.3ten sam produkt
A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. Th...
CVE-2018-7841CRITICAL9.8⚠ KEVten sam vendor
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unw...
CVE-2024-10575CRITICAL10.0PL ✓ten sam vendor
Brak autoryzacji w Schneider Electric EcoStruxure IT Gateway (CVSS 10.0)
CVE-2024-6407CRITICAL9.8PL ✓ten sam vendor
Ujawnienie poświadczeń w urządzeniu Schneider Electric WHC-5918A
CVE-2024-37036CRITICAL9.8PL ✓ten sam vendor
Out-of-bounds Write umożliwiający Auth Bypass w Schneider Electric Sage RTU