cvedb.io
CVE-2017-6026
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2017-06-30T03:29:00.327 · Last modified 2026-06-17T01:21:39.113

Summary

A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised.

Affected products

schneider-electric — modicon_m251_firmware

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.