CVE-2023-6408: Message Integrity Failure in Controller Comm Channel (DoS & MI)
CVE-2023-6408 Published on February 14, 2024
A CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and a loss of confidentiality and integrity of controllers when an attacker conducts a man-in-the-middle attack.
Vulnerability Analysis
CVE-2023-6408 is exploitable with network access and does not require authorization privileges or user interaction. This vulnerability is considered to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission. Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.
Products Associated with CVE-2023-6408
- Schneider Electric Ecostruxure Control Expert
- Schneider Electric Ecostruxure Process Expert
Affected Versions
- Schneider Electric Modicon M340 CPU (part numbers BMXP34*): versions prior to sv3.60 are affected.
- Versions prior to sv4.20 are affected.
- All versions are affected.
- Versions prior to v16.0 are affected.
- Versions prior to v2023 are affected.
- Versions before 4.20 are affected.
- Versions before 3.60 are affected.
- Versions before * are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.