CVE-2023-6408
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Schneider Electric | Modicon M340 CPU (part numbers BMXP34*) | Versions prior to sv3.60 | affected |
| Schneider Electric | Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) | Versions prior to sv4.20 | affected |
| Schneider Electric | Modicon M580 CPU Safety (part numbers BMEP58S and BMEH58S) | All Versions | affected |
| Schneider Electric | EcoStruxure Control Expert | Versions prior to v16.0 | affected |
| Schneider Electric | EcoStruxure Process Expert | Versions prior to v2023 | affected |
Weaknesses
- CWE-924: CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.