CVE-2024-8938

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 CPU BMXP34, Modicon MC80 BMKC80, and Modicon Momentum Unity M1E Processor 171CBU (affected versions not specified)

Description: A vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with the memory area involved in memory size computation. This issue is related to improper restriction of operations within the bounds of a memory buffer. The vulnerability may allow a remote attacker to implement a Man-In-The-Middle attack.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.