#VU101039 Improper Enforcement of Message Integrity During Transmission in a Communication Channel in Schneider Electric products - CVE-2023-6408
Published: November 29, 2024
Vulnerability identifier: #VU101039
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-6408
CWE-ID: CWE-924
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Modicon MC80
Modicon Momentum Unity M1E Processor
Modicon M340
Modicon M580
Modicon M580 CPU Safety
Software vendor: Schneider Electric
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper enforcement of message integrity during transmission in a communication channel. A remote attacker can perform a man-in-the-middle (MitM) attack and execute arbitrary code on the system.
Remediation
Install updates from the vendor's website.