This indicates the detection of a cleartext transmission of sensitive information to Schneider Electric Modicon products.
The vulnerability exists because the login credentials are sent over the network in cleartext Base64 encoding. Attackers who can observe cleartext user credentials may then be able to log in to the web application and perform unauthorized data monitoring or unauthorized operations.
Modicon M241 Logic Controller, firmware version prior to 220.127.116.11
Modicon M251 Logic Controller, firmware version prior to 18.104.22.168
Modicon Quantum Co-processors ref. 140CPU6*
Modicon Premium Co-processors ref. TSXP* and TSXH*
Modicon Quantum Ethernet communication modules ref.140NOE* and 140NOC*
Modicon Premium Ethernet communication modules ref. TSXETY*
Modicon M340 CPU ref. BMXP34*
Modicon M340 Ethernet communication Modules ref. BMXNOC*, BMXNOE*, BMXNOR*
Modicon Momentum Ethernet MD
Apply the vendor's update.