CVE-2024-8935

Summary

CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a communication session. This vulnerability is inherent to Diffie Hellman algorithm which does not protect against Man-In-The-Middle attacks.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricModicon M340 CPU (part numbers BMXP34*)All versions since SV3.60affected
Schneider ElectricModicon MC80 (part numbers BMKC80)All versionsaffected
Schneider ElectricModicon Momentum Unity M1E Processor (171CBU*)All Versionsaffected

Weaknesses

  • CWE-290: CWE-290 Authentication Bypass by Spoofing

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References