CVE-2017-6032

{"id": "CVE-2017-6032", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2017-06-30T03:29:00.423", "references": [{"url": "http://www.securityfocus.com/bid/97562", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-358"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-657"}]}], "descriptions": [{"lang": "en", "value": "A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks."}, {"lang": "es", "value": "Se ha descubierto un problema de violaci\u00f3n de principios de dise\u00f1o seguro en el protocolo Modicon Modbus, de Schneider Electric. El protocolo Modicon Modbus tiene una debilidad relacionada con la sesi\u00f3n que lo hace susceptible a ataques de fuerza bruta."}], "lastModified": "2019-10-09T23:28:35.857", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modbus_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDF59532-F8A6-4EFC-9B65-7FE1C37B6222"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modbus:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B98D3886-8E25-44A6-9BA0-97274DBE4D39"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}