Improper Enforcement of Message Integrity During Transmission in a Communication Channel in Schneider Electric products - CVE-2023-6408
Published: November 29, 2024
Vulnerability identifier: #VU101039
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-6408
CWE-ID: CWE-924
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Schneider Electric
Affected software:
Modicon MC80
Modicon Momentum Unity M1E Processor
Modicon M340
Modicon M580
Modicon M580 CPU Safety
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper enforcement of message integrity during transmission in a communication channel. A remote attacker can perform a man-in-the-middle (MitM) attack and execute arbitrary code on the system.
How to mitigate CVE-2023-6408
Install updates from the vendor's website.