CVE-2023-6408

🗓️ 14 Feb 2024 16:52:24Reported by schneiderType

Improper Message Integrity enforcement vulnerabilit

Reporter	Title	Published	Views	Family All 12
BDU FSTEC	The vulnerabilities of the microprogramming software for Schneider Electric Modicon M340 CPU BMXP34, M580 CPU BMEP, M580 CPU BMEH, M580 CPU Safety BMEP58S, and M580 CPU Safety BMEH58S, as well as the programming tools EcoStruxure Control Expert and EcoStruxure Process Expert, allow a attacker to execute a “man-in-the-middle” attack.	13 Feb 202400:00	–	bdu_fstec
Circl	CVE-2023-6408	6 Mar 202417:16	–	circl
CNNVD	Schneider Electric Modicon M340 Security Breach	14 Feb 202400:00	–	cnnvd
CVE	CVE-2023-6408	14 Feb 202416:52	–	cve
EUVD	EUVD-2023-58645	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Scheider Electric EcoStruxture and Modicon	15 Feb 202400:00	–	ncsc
NVD	CVE-2023-6408	14 Feb 202417:15	–	nvd
Prion	Design/Logic Flaw	14 Feb 202417:15	–	prion
Positive Technologies	PT-2024-1606 · Schneider Electric · M580 Cpu Bmeh +4	13 Feb 202400:00	–	ptsecurity
RedhatCVE	CVE-2023-6408	23 May 202504:58	–	redhatcve

[
  {
    "defaultStatus": "unaffected",
    "product": "Modicon M340 CPU (part numbers BMXP34*)",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to sv3.60"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety)",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to sv4.20"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All Versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Control Expert",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to v16.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Process Expert",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to v2023"
      }
    ]
  }
]

Source	Link
download	www.download.schneider-electric.com/files

14 Feb 2024 16:52Current

8.1High risk

Vulners AI Score8.1

CVSS 3.18.1

EPSS0.00314

CWE-924