CVE-2024-8938 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Electric Modicon M340 CPU

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

9.2CRITICALNVD

EPSS

0.2%

top 53.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Modicon M340 CPU Schneider Electric Modicon Mc80 Schneider Electric Modicon Momentum Unity M1E Processor

Timeline

PublishedNov 13

Description

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory size computation.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5schneider_electric/modicon_mc80All versions

▶CVEListV5schneider_electric/modicon_m340_cpuVersions prior to SV3.65

▶CVEListV5schneider_electric/modicon_momentum_unity_m1e_processorAll Versions

🔴Vulnerability Details

CVEList

CVE-2024-8938: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code exec↗2024-11-13

▶

GHSA

GHSA-fv43-v7vc-rjjf: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code exec↗2024-11-13

▶

📋Vendor Advisories

Apache

Apache nifi: CVE-2024-37389↗

▶