Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability
CVE-2023-6408

8.1 HIGH

Summary

A vulnerability in Schneider Electric's communication systems results from improper enforcement of message integrity during transmission, potentially enabling attackers to execute Man-in-the-Middle attacks. The flaw raises serious concerns for the confidentiality and integrity of data, as unauthorized entities might intercept and manipulate communications. If exploited, it can result in significant disruptions and a dangerous compromise of sensitive information within the affected systems.

Affected Version(s)

EcoStruxure Control Expert Versions prior to v16.0

EcoStruxure Process Expert Versions prior to v2023

Modicon M340 CPU (part numbers BMXP34*) Versions prior to sv3.60

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
