CVE-2023-6408

Description

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Schneider Electric / EcoStruxure Control ExpertVersions prior to v16.0 – Versions prior to v16.0
Schneider Electric / EcoStruxure™ Process ExpertVersions prior to v2023 – Versions prior to v2023
Schneider Electric / Modicon M340 CPU (part numbers BMXP34*)Versions prior to sv3.60 – Versions prior to sv3.60
Schneider Electric / Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety)Versions prior to sv4.20 – Versions prior to sv4.20
Schneider Electric / Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)All Versions – All Versions

References

MISChttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-01.pdf