CVE-2023-6408

high-risk

Published 2024-02-14

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.

Do I need to act?

0.15% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / HIGH complexity

Affected Products (20)

Modicon M340 Bmxp341000 Firmware

Modicon M340 Bmxp341000H Firmware

Modicon M340 Bmxp342000 Firmware

Modicon M340 Bmxp342010 Firmware

Modicon M340 Bmxp3420102 Firmware

Modicon M340 Bmxp3420102Cl Firmware

Modicon M340 Bmxp342020 Firmware

Modicon M340 Bmxp342020H Firmware

Modicon M340 Bmxp342030 Firmware

Modicon M340 Bmxp3420302 Firmware

Modicon M340 Bmxp3420302Cl Firmware

Modicon M340 Bmxp3420302H Firmware

Modicon M340 Bmxp342030H Firmware

Modicon M580 Bmep581020 Firmware

Modicon M580 Bmep581020H Firmware

Modicon M580 Bmep582020 Firmware

Modicon M580 Bmep582020H Firmware

Modicon M580 Bmep582040 Firmware

Modicon M580 Bmep582040H Firmware

Modicon M580 Bmep582040S Firmware

Affected Vendors

Schneider-Electric

References (2)

Vendor Advisory https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDoc...

/ 100

high-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 25/34 · High