| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.0 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Schneider Electric Modicon M340 CPU, Modicon M580 CPU, Modicon M580 CPU Safety, EcoStruxure Control Expert and EcoStruxure Process Expert. It has been classified as critical. The affected element is an unknown function. The manipulation leads to message integrity. This vulnerability is listed as CVE-2023-6408. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.
Details
A vulnerability was found in Schneider Electric Modicon M340 CPU, Modicon M580 CPU, Modicon M580 CPU Safety, EcoStruxure Control Expert and EcoStruxure Process Expert (SCADA Software). It has been rated as critical. This issue affects an unknown code block. The manipulation with an unknown input leads to a message integrity vulnerability. Using CWE to declare the problem leads to CWE-924. The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.
The weakness was presented 02/14/2024 as SEVD-2024-044-01. The advisory is shared at download.schneider-electric.com. The identification of this vulnerability is CVE-2023-6408 since 11/30/2023. Neither technical details nor an exploit are publicly available.
Upgrading eliminates this vulnerability.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
- EcoStruxure Control Expert
- EcoStruxure Process Expert
- Modicon M340 CPU
- Modicon M580 CPU
- Modicon M580 CPU Safety
License
Website
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.1VulDB Meta Temp Score: 8.0
VulDB Base Score: 8.1
VulDB Temp Score: 7.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 8.1
NVD Vector: 🔍
CNA Base Score: 8.1
CNA Vector (Schneider Electric SE): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Message integrityCWE: CWE-924 / CWE-354 / CWE-345
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
11/30/2023 🔍02/14/2024 🔍
02/14/2024 🔍
01/24/2025 🔍
Sources
Vendor: schneider-electric.comAdvisory: SEVD-2024-044-01
Status: Confirmed
CVE: CVE-2023-6408 (🔍)
GCVE (CVE): GCVE-0-2023-6408
GCVE (VulDB): GCVE-100-253853
Entry
Created: 02/14/2024 18:11Updated: 01/24/2025 04:43
Changes: 02/14/2024 18:11 (47), 03/06/2024 17:05 (1), 01/24/2025 04:43 (26)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.