CVE-2023-25620

Published: Apr 19, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller by an authenticated user.

Affected (8)

Products: Schneider Electric: Modicon M580 Firmware, Modicon M340 Firmware, Modicon Momentum Unity M1e Processor Firmware, Modicon Mc80 Firmware, 140cpu65 Firmware, Tsxp57 Firmware, Bmep58s Firmware, Bmeh58s Firmware

Schneider Electric

8 products

Modicon M580 Firmware

Modicon M340 Firmware

Modicon Momentum Unity M1e Processor Firmware

Modicon Mc80 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Firmware	Before 4.10

Running on/with	Platform Versions
Schneider Electric Modicon M580	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M340 Firmware	Before 3.51

Running on/with	Platform Versions
Schneider Electric Modicon M340	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon Momentum Unity M1e Processor Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon Momentum Unity M1e Processor	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon Mc80 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon Mc80	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140cpu65 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric 140cpu65	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxp57 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxp57	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Bmep58s Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Bmep58s	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Bmeh58s Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Bmeh58s	All versions

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-05.pdf

Source: cybersecurity@se.com

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-05.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.