CVE-2024-8933 — Improper Enforcement of Message Integrity During Transmission in a Communication Channel in Electric Modicon M340 CPU

CWE-924 — Improper Enforcement of Message Integrity During Transmission in a Communication Channel3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 74.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Modicon M340 CPU Schneider Electric Modicon Mc80 Schneider Electric Modicon Momentum Unity M1E Processor

Timeline

PublishedNov 13

Description

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the attacker needs to inject themself inside the logical network while a valid user uploads or downloads a project file into the controller.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5schneider_electric/modicon_mc80All versions

▶CVEListV5schneider_electric/modicon_m340_cpuAll versions

▶CVEListV5schneider_electric/modicon_momentum_unity_m1e_processorAll Versions

🔴Vulnerability Details

GHSA

GHSA-w33h-3r53-4xwj: CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of p↗2024-11-13

▶

CVEList

CVE-2024-8933: CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of p↗2024-11-13

▶