CVE-2024-8938

Summary

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory size computation.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricModicon M340 CPU (part numbers BMXP34*)Versions prior to SV3.65affected
Schneider ElectricModicon MC80 (part numbers BMKC80)All versionsaffected
Schneider ElectricModicon Momentum Unity M1E Processor (171CBU*)All Versionsaffected

Weaknesses

  • CWE-119: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References