Unrated severityNVD Advisory· Published Feb 14, 2024· Updated Aug 2, 2024

CVE-2023-6408

Description

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.

Affected products

Schneider Electric/EcoStruxure Control Expertcpe-rescue
Range: Versions prior to v16.0
Schneider Electric/EcoStruxure Process Expertcpe-rescue
Range: Versions prior to v2023
Schneider Electric/Modicon M340 CPU (part numbers BMXP34*)v5
Range: Versions prior to sv3.60
Schneider Electric/Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety)v5
Range: Versions prior to sv4.20
Schneider Electric/Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)v5
Range: All Versions

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

download.schneider-electric.com/filesmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000