What is CVE-2017-6034?

CVE-2017-6034 is a critical-severity vulnerability in Schneider Electric Modicon Modbus Protocol, classified under Authentication Bypass by Capture-replay. CVSS score: 9.8/10. Published 2017-06-30.

How severe is CVE-2017-6034?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2017-6034 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Schneider Electric Modicon Modbus Protocol

CVE-2017-6034

An authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the foll…

EPSS: 0.001 (34.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Schneider Electric Modicon Modbus Protocol — versions all versions
Schneider-electric Modbus
Schneider-electric Modbus_firmware
N/a Schneider Electric Modicon Modbus Protocol — versions Schneider Electric Modicon Modbus Protocol

Weakness classification (CWE)

Public proof-of-concept exploits

0xICF/ClearEnergy

References

ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC)
ics-cert@hq.dhs.gov (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov

Frequently asked questions

What is CVE-2017-6034?: CVE-2017-6034 is a critical-severity vulnerability in Schneider Electric Modicon Modbus Protocol, classified under Authentication Bypass by Capture-replay. CVSS score: 9.8/10. Published 2017-06-30.
How severe is CVE-2017-6034?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2017-6034 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.