5 matches found
Schneider Electric Modicon M340, MC80, and Momentum Unity M1E Authentication Bypass By Spoofing (CVE-2024-8935)
A vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a communication session. This vulnerability is...
CVE-2024-8935
creationtimestamp| type| source ---|---|--- 2024-11-13 07:28:17+00:00| seen| https://t.me/cvedetector/10802 2024-11-21 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-24-326-03 2026-04-14 13:10:17+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mjhhczv3a...
CVE-2024-8935
CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a...
CVE-2024-8935
CVE-2024-8935 affects Schneider Electric Modicon M340, MC80, and Momentum Unity M1E. The issue is an Authentication Bypass by Spoofing enabling a Man-In-The-Middle attack during a controller–engineering workstation session, due to DH-based vulnerability that does not protect against MITM. Consequ...
CVE-2024-8935
CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a...