Lucene search

SchneiderCVELIST:CVE-2023-25619

HistoryApr 19, 2023 - 7:53 a.m.

CVE-2023-25619

2023-04-1907:53:15

CWE-754

schneider

www.cve.org

cwe-754

denial of service

modbus tcp

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

23.1%

JSON

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that
could cause denial of service of the controller when communicating over the Modbus TCP
protocol.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Modicon M340 CPU (part numbers BMXP34*) ",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "prior to SV3.51"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*)",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "prior to V4.10"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All "
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Modicon Momentum Unity M1E Processor (171CBU*)",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Modicon MC80 (BMKC80)",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Legacy Modicon Quantum (140CPU65*)",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Legacy Modicon Premium CPUs (TSXP57*)",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-05.pdf

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

23.1%

JSON

Related for CVELIST:CVE-2023-25619