Multiple vulnerabilities in Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert and Modicon M340, M580 and M580 Safety PLCs



Risk: High
Patch available: Yes
Number of vulnerabilities: 3
CVE-ID: CVE-2023-6408, CVE-2023-6409, CVE-2023-27975
CWE-ID: CWE-924, CWE-798, CWE-522
Exploitation vector: Network
Public exploit: N/A

Vulnerable software:

Modicon MC80 (Hardware solutions / Firmware)

Modicon Momentum Unity M1E Processor (Hardware solutions / Firmware)

Modicon M340 (Hardware solutions / Firmware)

Modicon M580 (Hardware solutions / Firmware)

Modicon M580 CPU Safety (Hardware solutions / Firmware)

EcoStruxure Control Expert (Server applications / SCADA systems)

EcoStruxure Process Expert (Server applications / SCADA systems)

Vendor: Schneider Electric

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Improper Enforcement of Message Integrity During Transmission in a Communication Channel

EUVDB-ID: #VU101039

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6408

CWE-ID: CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper enforcement of message integrity during transmission in a communication channel. A remote attacker can perform a man-in-the-middle (MitM) attack and execute arbitrary code on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Modicon MC80: All versions

Modicon Momentum Unity M1E Processor: All versions

Modicon M340: before 3.60

Modicon M580: before 4.20

Modicon M580 CPU Safety: before 4.21

External links

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-01.pdf
http://www.cisa.gov/news-events/ics-advisories/icsa-24-331-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use of hard-coded credentials

EUVDB-ID: #VU101040

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6409

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the presence of hard-coded credentials in application code. A remote attacker can gain access to a project file protected with an application password.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

EcoStruxure Control Expert: before 16.0

EcoStruxure Process Expert: before 2023

External links

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-01.pdf
http://www.cisa.gov/news-events/ics-advisories/icsa-24-331-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Insufficiently protected credentials

EUVDB-ID: #VU101041

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27975

CWE-ID: CWE-522 - Insufficiently Protected Credentials

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to insufficiently protected credentials. A local user can gain access to the project file.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

EcoStruxure Control Expert: before 16.0

EcoStruxure Process Expert: before 2023

External links

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-01.pdf
http://www.cisa.gov/news-events/ics-advisories/icsa-24-331-03


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


