CVE-2024-8933

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the attacker needs to...

The vulnerability of the microprogrammed software of the multi-environmental electrical voltage measuring instrument PowerLogic HDPM6000 lies in the lack of checks for the integrity of messages during transmission over communication channels. This allows attackers to exploit their privileges.

The vulnerability of the Pro-Face GP-Pro EX automation project creation software and the Pro-face Remote HMI remote monitoring software lies in the lack of checks for the integrity of messages during transmission over communication channels. Exploiting this vulnerability allows a malicious actor ...

CVE-2024-12399

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting the communication...

CVE-2024-12399

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting the communication...

CVE-2024-12399

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting the communication...

CVE-2024-12399

The CVE-2024-12399 entry concerns Schneider Electric Pro-face GP‑Pro EX and Remote HMI. The underlying issue is improper enforcement of message integrity during transmission in a communication channel, which could enable a man‑in‑the‑middle attack and lead to partial loss of confidentiality, inte...

Schneider Electric Pro-face GP-Pro EX和Remote HMI 安全漏洞

Schneider Electric Pro-face GP-Pro EX and Schneider Electric Pro-face Remote HMI are both products of Schneider Electric, France.Schneider Electric Pro-face GP-Pro EX is an HMI operation management system. Schneider Electric Pro-face GP- EX is a human-machine interface operator management system,...

PT-2024-10223 · Pro Face · Pro-Face Remote Hmi +1

Name of the Vulnerable Software and Affected Versions: Pro-Face GP-Pro EX affected versions not specified Pro-face Remote HMI affected versions not specified Description: The issue is related to an improper enforcement of message integrity during transmission in a communication channel, which cou...

The vulnerability of microprogrammed software for Schneider Electric Modicon M340 CPU BMXP34, Modicon MC80 BMKC80, and Modicon Momentum Unity M1E Processor 171CBU lies in the lack of checks for the integrity of messages during transmission over communication channels. This allows attackers to disclose sensitive information or cause malfunctions in the system.

The vulnerability of microprogrammed logic controllers PLCs from Schneider Electric, such as the Modicon M340 CPU BMXP34, Modicon MC80 BMKC80, and Modicon Momentum Unity M1E Processor 171CBU, stems from the lack of checks for the integrity of messages during transmission over communication...

Schneider Electric Modicon M340, MC80, and Momentum Unity M1E Improper Enforcement of Message Integrity During Transmission in a Communication Channel (CVE-2024-8933)

A vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the attacker needs to inject themselves inside the logical network while a valid user uploads or downloads a project...

Schneider Electric Modicon M340 安全漏洞

The Schneider Electric Modicon M340 is a medium-range PLC programmable logic controller for industrial processes and infrastructure from Schneider Electric, France. A security vulnerability exists in the Schneider Electric Modicon M340 that arises from improper implementation of message integrity...

Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

ROS-20240521-09

A vulnerability in the JSSE component of the Oracle Java SE software platform and Oracle GraalVM virtual machine. Enterprise Edition is related to the lack of message integrity checking. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information or...

ROS-20240521-05

A vulnerability in the Hotspot component of the Oracle Java SE software platform and Oracle GraalVM Virtual Machine Enterprise Edition exists due to insufficient input validation. Exploitation of the vulnerability could Allow a remote attacker to disclose protected information A vulnerability in...

ROS-20240521-10

A vulnerability in the JSSE component of the Oracle Java SE software platform and Oracle GraalVM virtual machine. Enterprise Edition is related to the lack of message integrity checking. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information or...

CVE-2023-6408

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack...

CVE-2023-6408

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack...

Schneider Electric Modicon M340 Security Breach

The Schneider Electric Modicon M340 is a medium-range PLC Programmable Logic Controller for industrial processes and infrastructure from Schneider Electric, France. A security vulnerability exists in the Schneider Electric Modicon M340 that arises from improper message integrity enforcement durin...

PT-2024-1606 · Schneider Electric · M580 Cpu Bmeh +4

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 CPU BMXP34, M580 CPU BMEP, M580 CPU BMEH, M580 CPU Safety BMEP58S, M580 CPU Safety BMEH58S versions affected versions not specified EcoStruxure Control Expert versions affected versions not specified EcoStruxur...

The vulnerabilities of the microprogramming software for Schneider Electric Modicon M340 CPU BMXP34, M580 CPU BMEP, M580 CPU BMEH, M580 CPU Safety BMEP58*S, and M580 CPU Safety BMEH58*S, as well as the programming tools EcoStruxure Control Expert and EcoStruxure Process Expert, allow a attacker to execute a “man-in-the-middle” attack.

The vulnerability of microprogrammed logic controllers PLCs from Schneider Electric, such as the Modicon M340 CPU BMXP34, M580 CPU BMEP, M580 CPU BMEH, M580 CPU Safety BMEP58S, and M580 CPU Safety BMEH58S, as well as the PLC programming software EcoStruxure Control Expert and EcoStruxure Process...