Schneider Electric Modicon PLCs Predictable Value Range from Previous Values
Summary
| CVE | CVE-2017-6030 |
|---|---|
| State | PUBLISHED |
| Assigner | icscert |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-06-30 03:29:00 UTC |
| Updated | 2026-06-04 22:16:50 UTC |
| Description | A predictable value range from previous values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections. |
Risk And Classification
Primary CVSS: v3.1 6.5 MEDIUM from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS: 0.005280000 probability, percentile 0.675240000 (date 2026-06-09)
Problem Types: CWE-343 | CWE-331 | CWE-343 CWE-343
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
| 3.1 | ADP | DECLARED | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
| 2.0 | [email protected] | Primary | 6.4 | AV:N/AC:L/Au:N/C:N/I:P/A:P |
CVSS v3.1 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CVSS v2.0 Breakdown
AV:N/AC:L/Au:N/C:N/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Schneider-electric | Modicon M221 | - | All | All | All |
| Operating System | Schneider-electric | Modicon M221 Firmware | All | All | All | All |
| Hardware | Schneider-electric | Modicon M241 | - | All | All | All |
| Operating System | Schneider-electric | Modicon M241 Firmware | All | All | All | All |
| Hardware | Schneider-electric | Modicon M251 | - | All | All | All |
| Operating System | Schneider-electric | Modicon M251 Firmware | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Schneider Electric | Modicon M221 | affected 1.5.0.0 custom | Not specified |
| CNA | Schneider Electric | Modicon M241 | affected 4.0.5.11 custom | Not specified |
| CNA | Schneider Electric | Modicon M251 | affected 4.0.5.11 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2017/icsa-17-08... | [email protected] | github.com | |
| Schneider Electric Modicon PLCs | ICS-CERT | af854a3a-2127-422b-91ae-364da2661108 | ics-cert.us-cert.gov | Third Party Advisory, US Government Resource |
| Multiple Schneider Electric Modicon Products Weak Cryptography Multiple Security Weaknesses | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: David Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc. reported the identified vulnerabilities. (en)
Additional Advisory Data
Solutions
CNA: Schneider Electric has released new firmware versions to address the predictable value range from previous values vulnerability and the use of insufficiently random values vulnerability, which are available through Schneider Electric’s software update tool, SoMachine, Version 4.2, and SoMachineBasic, Version 1.5. Schneider Electric has not released a product to address the insufficiently protected credentials vulnerability; however, Schneider Electric has provided compensating controls to reduce the risk of exploitation. SoMachineBasic, Version 1.5, is available at the following location: http://www.schneider-electric.fr/fr/download/document/SOMBASAP15SOFT/ Schneider Electric has provided the following compensating controls to reduce the risk of exploitation of the insufficiently protected credentials vulnerability: * Verify that the hardware and software infrastructure that the PLCs are integrated into (along with all organizational measures and rules covering access to the infrastructure) consider the results of the hazard and risk analysis, and are implemented according to best practices and standards such as ISA/IEC 62443. * Limit traffic on the local network with managed switches * Where possible, avoid using Wi-Fi networks, but when Wi-Fi is essential, use only secure communications (such as WPA2 encryption) * Do not grant [network] access to unknown computers * When remote access is essential, use secure methods such as Virtual Private Networks (VPNs), and ensure the remote access solution(s), as well as the remote computer(s) are kept up-to-date with the latest security patches. Schneider Electric has released Security Notifications SEVD-2017-075-01, SEVD-2017-075-02, and SEVD-2017-075-03, which provide additional information about the identified vulnerabilities, mitigations, and compensating controls: http://www.schneider-electric.com/en/download/document/SEVD-2017-075-01/ http://www.schneider-electric.com/en/download/document/SEVD-2017-075-02/ http://www.schneider-electric.com/en/download/document/SEVD-2017-075-03/
Legacy QID Mappings
- 590487 Schneider Electric Modicon PLCs Multiple Vulnerabilities (ICSA-17-089-02)