Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability
CVE-2023-6408

8.1HIGH

Key Information:

Vendor

Schneider Electric
Status
Modicon M340 Cpu (part Numbers Bmxp34*)
Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, Excluding M580 Cpu Safety)
Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s)
Ecostruxure Control Expert
Vendor
CVE Published:
14 February 2024

What is CVE-2023-6408?

A vulnerability exists in Schneider Electric's communication systems which allows for improper enforcement of message integrity during transmission, potentially enabling attackers to execute Man-in-the-Middle attacks. This flaw raises serious concerns for the confidentiality and integrity of data as unauthorized entities might intercept and manipulate communications. If exploited, this vulnerability can result in significant disruptions and a dangerous compromise of sensitive information within the affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

EcoStruxure Control Expert Versions prior to v16.0

EcoStruxure Process Expert Versions prior to v2023

Modicon M340 CPU (part numbers BMXP34*) Versions prior to sv3.60

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.