这表示检测到向 Schneider Electric Modicon 产品发送敏感信息的明文传输。存在该漏洞是因为登录凭据以明文 Base64 编码通过网络发送。可以观察明文用户凭据的攻击者随后可能能够登录到 Web 应用程序并执行未经授权的数据监控或未经授权的操作。

Modicon M241 Logic Controller, firmware version prior to 5.0.8.4 Modicon M251 Logic Controller, firmware version prior to 5.0.8.4 Modicon Quantum Co-processors ref. 140CPU6* Modicon Premium Co-processors ref. TSXP* and TSXH* Modicon Quantum Ethernet communication modules ref.140NOE* and 140NOC* Modicon Premium Ethernet communication modules ref. TSXETY* Modicon M340 CPU ref. BMXP34* Modicon M340 Ethernet communication Modules ref. BMXNOC*, BMXNOE*, BMXNOR* Modicon Momentum Ethernet MD

身份验证绕过

应用供应商的更新。 https://www.se.com/ww/en/download/document/SEVD-2017-075-03/