CVE-2023-25619

HIGH

Modicon M580 Firmware < 4.10 - Denial of Service via Modbus TCP Protocol

Title source: llm

Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.

References (1)

Core 1

Core References

Various Sources

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-05.pdf

Scores

CVSS v3 7.5

EPSS 0.0032

EPSS Percentile 54.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-754

Status published

Products (7)

schneider-electric/bmeh58s_firmware

schneider-electric/bmep58s_firmware

schneider-electric/modicon_m340_firmware < 3.51

schneider-electric/modicon_m580_firmware < 4.10

schneider-electric/modicon_mc80_firmware

schneider-electric/modicon_momentum_unity_m1e_processor_firmware

schneider-electric/tsxp57_firmware

Published Apr 19, 2023

Tracked Since Feb 18, 2026