PT-2024-1606 · Schneider Electric · EcoStruxure Control Expert +4

Published: 2024-02-13 · Updated: 2025-01-23 · CVE-2023-6408

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Schneider Electric Modicon M340 CPU BMXP34, M580 CPU BMEP, M580 CPU BMEH, M580 CPU Safety BMEP58S, M580 CPU Safety BMEH58S versions (affected versions not specified)
EcoStruxure Control Expert versions (affected versions not specified)
EcoStruxure Process Expert versions (affected versions not specified)

Description

Messages are not integrity-checked during transmission over the communication channel, which could allow a remote attacker to conduct a man-in-the-middle attack. This may cause a denial of service and loss of confidentiality and integrity of controllers.

Recommendations

For Schneider Electric Modicon M340 CPU BMXP34, M580 CPU BMEP, M580 CPU BMEH, M580 CPU Safety BMEP58S, and M580 CPU Safety BMEH58S, consider implementing additional security measures to enforce message integrity during transmission until a patch is available.

For EcoStruxure Control Expert and EcoStruxure Process Expert, restrict access to the communication channel to minimize the risk of exploitation until the issue is resolved.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2024-01202
CVE-2023-6408

Affected Products

EcoStruxure Control Expert
EcoStruxure Process Expert
M580 CPU BMEH
M580 CPU Safety BMEH58*S
Schneider Electric Modicon M340 CPU BMXP34