CVE-2023-6408

CWE-9244 documents4 sources

Severity

8.1HIGH

EPSS

0.1%

top 65.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Ecostruxure Control Expert Schneider-electric Ecostruxure Process Expert Schneider-electric Modicon M340 Bmxp341000 Firmware +41 more

Timeline

PublishedFeb 14

Description

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages44 packages

▶NVDschneider-electric/ecostruxure_control_expert< 16.0

▶NVDschneider-electric/ecostruxure_process_expert< 2023

▶NVDschneider-electric/modicon_m340_bmxp341000_firmware< 3.60

▶NVDschneider-electric/modicon_m340_bmxp342000_firmware< 3.60

▶NVDschneider-electric/modicon_m340_bmxp342010_firmware< 3.60

🔴Vulnerability Details

GHSA

GHSA-mpx7-3w53-g6r5: CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of se↗2024-02-14

▶

CVEList

CVE-2023-6408: CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of se↗2024-02-14

▶

OSV

libxpm vulnerabilities↗2023-10-23

▶