CVE-2023-25619

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricModicon M340 CPU (part numbers BMXP34*)prior to SV3.51affected
Schneider ElectricModicon M580 CPU (part numbers BMEP* and BMEH*)prior to V4.10affected
Schneider ElectricModicon M580 CPU Safety (part numbers BMEP58S and BMEH58S)Allaffected
Schneider ElectricModicon Momentum Unity M1E Processor (171CBU*)Allaffected
Schneider ElectricModicon MC80 (BMKC80)Allaffected
Schneider ElectricLegacy Modicon Quantum (140CPU65*)Allaffected
Schneider ElectricLegacy Modicon Premium CPUs (TSXP57*)Allaffected

Weaknesses

  • CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References