VYPR
Critical severity9.1NVD Advisory· Published Jun 30, 2017· Updated Jun 17, 2026

CVE-2017-6026

CVE-2017-6026

Description

A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:*range: <=4.0.3.20
    • (no CPE)range: <4.0.5.11
  • cpe:2.3:o:schneider-electric:modicon_m251_firmware:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:schneider-electric:modicon_m251_firmware:*:*:*:*:*:*:*:*range: <=4.0.3.20
    • (no CPE)range: <4.0.5.11

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.