CVE-2023-25620

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller by an authenticated user.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricModicon M340 CPU (part numbers BMXP34*)prior to SV3.51affected
Schneider ElectricModicon M580 CPU (part numbers BMEP* and BMEH*)prior to V4.10affected
Schneider ElectricModicon M580 CPU Safety (part numbers BMEP58S and BMEH58S)Allaffected
Schneider ElectricModicon Momentum Unity M1E Processor (171CBU*)Allaffected
Schneider ElectricModicon MC80 (BMKC80)Allaffected
Schneider ElectricLegacy Modicon Quantum (140CPU65*)Allaffected
Schneider ElectricLegacy Modicon Premium CPUs (TSXP57*)Allaffected

Weaknesses

  • CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References