CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-10575
https://notcve.org/view.php?id=CVE-2024-10575
CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices. • https://download.schneider-electric.com/doc/SEVD-2024-317-04/SEVD-2024-317-04.pdf • CWE-862: Missing Authorization •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-9409
https://notcve.org/view.php?id=CVE-2024-9409
CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network. • https://download.schneider-electric.com/doc/SEVD-2024-317-01/SEVD-2024-317-01.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8938
https://notcve.org/view.php?id=CVE-2024-8938
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory size computation. • https://download.schneider-electric.com/doc/SEVD-2024-317-03/SEVD-2024-317-03.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8937
https://notcve.org/view.php?id=CVE-2024-8937
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in the authentication process. • https://download.schneider-electric.com/doc/SEVD-2024-317-03/SEVD-2024-317-03.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8935
https://notcve.org/view.php?id=CVE-2024-8935
CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a communication session. This vulnerability is inherent to Diffie Hellman algorithm which does not protect against Man-In-The-Middle attacks. • https://download.schneider-electric.com/doc/SEVD-2024-317-02/SEVD-2024-317-02.pdf • CWE-290: Authentication Bypass by Spoofing •