CVE-2024-8933 HIGH

CVE-2024-8933

Vendor Schneider Electric
Product Modicon M340 CPU (part numbers BMXP34*)
Weakness CWE-924
Published November 13, 2024
Last update November 13, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the attacker needs to inject themself inside the logical network while a valid user uploads or downloads a project file into the controller.

Key dates

02Disclosure timeline

November 13, 2024 CVE published
November 13, 2024 Record updated