CVE-2024-8935Authentication Bypass by Spoofing in Electric Modicon M340 CPU

CWE-290Authentication Bypass by Spoofing3 documents3 sources
Severity
7.7HIGHNVD
EPSS
0.0%
top 93.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Schneider Electric Modicon M340 CPUSchneider Electric Modicon Mc80Schneider Electric Modicon Momentum Unity M1E Processor
Timeline
PublishedNov 13

Description

CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a communication session. This vulnerability is inherent to Diffie Hellman algorithm which does not protect against Man-In-The-Middle attacks.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

CVEListV5schneider_electric/modicon_mc80All versions
CVEListV5schneider_electric/modicon_m340_cpuAll versions since SV3.60

🔴Vulnerability Details

2
CVEList
CVE-2024-8935: CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of cont2024-11-13
GHSA
GHSA-6rch-pvx5-r93q: CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of cont2024-11-13
CVE-2024-8935 — Authentication Bypass by Spoofing | cvebase