Denial of Service Vulnerability in Schneider Electric Modicon Controllers
CVE-2023-25619

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon M340 Cpu (part Numbers Bmxp34*); Modicon M580 Cpu (part Numbers Bmep* And Bmeh*); Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s); Modicon Momentum Unity M1e Processor (171cbu*)
Vendor: CVE Published:; 19 April 2023

Summary

A vulnerability exists in Schneider Electric's Modicon controllers, where improper checks for unusual or exceptional conditions can lead to a denial of service when devices communicate using the Modbus TCP protocol. This could disrupt operations and requires immediate attention for proper remediation to ensure the integrity and availability of the affected controllers.

Affected Version(s)

Legacy Modicon Premium CPUs (TSXP57*) All

Legacy Modicon Quantum (140CPU65*) All

Modicon M340 CPU (part numbers BMXP34*) prior to SV3.51

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2023
Vulnerability Reserved
Feb 9, 2023