Improper Condition Check Vulnerability in Schneider Electric Controllers
CVE-2023-25620

6.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Modicon M340 Cpu (part Numbers Bmxp34*); Modicon M580 Cpu (part Numbers Bmep* And Bmeh*); Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s); Modicon Momentum Unity M1e Processor (171cbu*)
Vendor: CVE Published:; 19 April 2023

Summary

A security vulnerability exists in Schneider Electric Controllers that may lead to a denial of service if a malicious project file is uploaded by an authenticated user. This improper handling of unusual conditions, classified under CWE-754, exposes the controller to potential disruptions in operation. Users must ensure their systems are updated and secure against such vulnerabilities to maintain operational integrity and safety.

Affected Version(s)

Legacy Modicon Premium CPUs (TSXP57*) All

Legacy Modicon Quantum (140CPU65*) All

Modicon M340 CPU (part numbers BMXP34*) prior to SV3.51

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2023
Vulnerability Reserved
Feb 9, 2023