NVD

Id
84866  
Name
CVE-2017-7574  
Description
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-04-27  
Published
2017-04-06  
Modified Date
2017-04-14  
Seq
2017-7574  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
417716 84866 CVE-2017-3038 97556  View
417717 84866 CVE-2017-3038 https://helpx.adobe.com/security/products/acrobat/apsb17-11.html  View
417718 84866 CVE-2017-3038 97556  View
417719 84866 CVE-2017-3038 https://helpx.adobe.com/security/products/acrobat/apsb17-11.html  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
66731 JVNDB-2017-003056 Schneider Electric SoMachine Basic および Modicon におけるハードコードされた認証情報の使用に関する脆弱性 Schneider Electric SoMachine Basic および Modicon には、ハードコードされた認証情報の使用に関する脆弱性が存在します。 CVE-2017-7574 0 CVE-2017-7574 84866 7.5 9.8 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-003056.html 2017-04-07 2017-05-12 View