SB2024112632 - Multiple vulnerabilities in Schneider Electric Modicon M340, MC80, and Momentum Unity M1E

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024112632

SB2024112632 - Multiple vulnerabilities in Schneider Electric Modicon M340, MC80, and Momentum Unity M1E

Published: November 26, 2024

Security Bulletin ID SB2024112632
Severity
Medium
Patch available
NO
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Improper Enforcement of Message Integrity During Transmission in a Communication Channel (CVE-ID: CVE-2024-8933)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper enforcement of message integrity during transmission in a communication channel. A remote attacker can inject themselves inside the logical network while a valid user uploads or downloads a project file into the controller, gain access to password hash and execute arbitrary code on the system.


2) Authentication Bypass by Spoofing (CVE-ID: CVE-2024-8935)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an authentication bypass issue. A remote attacker can perform a man-in-the-middle (MitM) attack and bypass authentication on the target system.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References