Critical severity9.1NVD Advisory· Published Jun 30, 2017· Updated Jun 17, 2026
CVE-2017-6026
CVE-2017-6026
Description
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:*range: <=4.0.3.20
- (no CPE)range: <4.0.5.11
cpe:2.3:o:schneider-electric:modicon_m251_firmware:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:schneider-electric:modicon_m251_firmware:*:*:*:*:*:*:*:*range: <=4.0.3.20
- (no CPE)range: <4.0.5.11
Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/45918/nvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/97254nvdThird Party AdvisoryVDB Entry
- ics-cert.us-cert.gov/advisories/ICSA-17-089-02nvdThird Party AdvisoryUS Government Resource
News mentions
0No linked articles in our index yet.