CVE-2023-6408

Summary

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricModicon M340 CPU (part numbers BMXP34*)Versions prior to sv3.60affected
Schneider ElectricModicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety)Versions prior to sv4.20affected
Schneider ElectricModicon M580 CPU Safety (part numbers BMEP58S and BMEH58S)All Versionsaffected
Schneider ElectricEcoStruxure Control ExpertVersions prior to v16.0affected
Schneider ElectricEcoStruxure Process ExpertVersions prior to v2023affected

Weaknesses

  • CWE-924: CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References