CVE-2023-6408

HIGH

Schneider Electric EcoStruxure Control Expert and Process Expert - Denial of Service via Man-in-the-Middle Attack

Title source: llm

Description

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.

References (1)

Core 1

Core References

Vendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-01.pdf

Scores

CVSS v3 8.1

EPSS 0.0015

EPSS Percentile 35.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-924

Status published

Products (46)

schneider-electric/ecostruxure_control_expert < 16.0

schneider-electric/ecostruxure_process_expert < 2023

schneider-electric/modicon_m340_bmxp341000_firmware < 3.60

schneider-electric/modicon_m340_bmxp341000h_firmware < 3.60

schneider-electric/modicon_m340_bmxp342000_firmware < 3.60

schneider-electric/modicon_m340_bmxp3420102_firmware < 3.60

schneider-electric/modicon_m340_bmxp3420102cl_firmware < 3.60

schneider-electric/modicon_m340_bmxp342010_firmware < 3.60

schneider-electric/modicon_m340_bmxp342020_firmware < 3.60

schneider-electric/modicon_m340_bmxp342020h_firmware < 3.60

... and 36 more

Published Feb 14, 2024

Tracked Since Feb 18, 2026