#VU100920 Improper Enforcement of Message Integrity During Transmission in a Communication Channel in Schneider Electric products - CVE-2024-8933

 


Published: November 26, 2024


Vulnerability identifier: #VU100920
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-8933
CWE-ID: CWE-924
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Modicon M340
Modicon MC80
Modicon Momentum Unity M1E Processor
Software vendor:
Schneider Electric

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper enforcement of message integrity during transmission in a communication channel. A remote attacker can inject themselves into the logical network while a valid user uploads or downloads a project file to the controller, gain access to the password hash and execute arbitrary code on the system.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
