Lucene search
HistoryApr 19, 2023 - 8:15 a.m.
CVE-2023-25619
cve-2023-25619
cwe-754
denial of service
controller
modbus tcp protocol
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
23.1%
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that
could cause denial of service of the controller when communicating over the Modbus TCP
protocol.
Affected configurations
Node
schneider-electricmodicon_m580Match-
schneider-electricmodicon_m580_firmwareRange<4.10
Node
schneider-electricmodicon_m340Match-
schneider-electricmodicon_m340_firmwareRange<3.51
Node
schneider-electricmodicon_momentum_unity_m1e_processorMatch-
schneider-electricmodicon_momentum_unity_m1e_processor_firmware
Node
schneider-electricmodicon_mc80Match-
schneider-electricmodicon_mc80_firmware
Node
schneider-electrictsxp57Match-
schneider-electrictsxp57_firmware
Node
schneider-electricbmep58sMatch-
schneider-electricbmep58s_firmware
Node
schneider-electricbmeh58sMatch-
schneider-electricbmeh58s_firmware
| CPE | Name | Operator | Version |
|---|---|---|---|
| schneider-electric:modicon_m580_firmware | schneider-electric modicon m580 firmware | lt | 4.10 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Modicon M340 CPU (part numbers BMXP34*) ",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "prior to SV3.51"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon M580 CPU (part numbers BMEP* and BMEH*)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "prior to V4.10"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All "
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon Momentum Unity M1E Processor (171CBU*)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon MC80 (BMKC80)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Legacy Modicon Quantum (140CPU65*)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Legacy Modicon Premium CPUs (TSXP57*)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
]Related
nessus
nessus
prion
prion
Design/Logic Flaw
2023-04-19 08:15:00
cvelist
cvelist
CVE-2023-25619
2023-04-19 07:53:15
nvd
nvd
CVE-2023-25619
2023-04-19 08:15:07
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
23.1%
Related for CVE-2023-25619