CVE-2017-6034
9.8 CRITICALAn authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol
Published: 2017-06-30 · Last updated: 2026-06-04
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-287, CWE-294
Affected products
| Vendor | Product |
|---|---|
| schneider-electric | modbus_firmware |
Description
An authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2017-6034
- [Other]http://www.securityfocus.com/bid/97562
- [Other]https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2017/icsa-17-101-01.json
- [Other]https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01
- [Other]https://www.se.com/us/en/download/document/SEVD-2017-065-01/
- [Other]http://www.securityfocus.com/bid/97562
- [Other]https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01
Related CVEs
Same vendor
- CVE-2026-6332 — CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information whic... (7.5 HIGH)
- CVE-2022-0715 — A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a... (9.1 CRITICAL)
- CVE-2021-22788 — A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP re... (7.5 HIGH)
- CVE-2021-22787 — A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specia... (7.5 HIGH)
- CVE-2021-22785 — A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to... (7.5 HIGH)
Same CWE
- CVE-2026-12183 — Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerabili... (9.8 CRITICAL)
- CVE-2026-50623 — An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF (6.5 MEDIUM)
- CVE-2026-48611 — Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading t... (9.8 CRITICAL)
- CVE-2026-41000 — Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks (3.7 LOW)
- CVE-2026-40995 — X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, ... (5.4 MEDIUM)