CVE-2024-8933
Severity Score
7.5
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of
confidentiality and integrity of controllers. To be successful, the attacker needs to inject themself inside the
logical network while a valid user uploads or downloads a project file into the controller.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-09-17 CVE Reserved
- 2024-11-13 CVE Published
- 2024-11-13 CVE Updated
- 2024-11-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider Electric Search vendor "Schneider Electric" | Modicon M340 CPU (part Numbers BMXP34*) Search vendor "Schneider Electric" for product "Modicon M340 CPU (part Numbers BMXP34*)" | <= Search vendor "Schneider Electric" for product "Modicon M340 CPU (part Numbers BMXP34*)" and version " <= " | en |
Affected
| ||||||
| Schneider Electric Search vendor "Schneider Electric" | Modicon MC80 (part Numbers BMKC80) Search vendor "Schneider Electric" for product "Modicon MC80 (part Numbers BMKC80)" | <= Search vendor "Schneider Electric" for product "Modicon MC80 (part Numbers BMKC80)" and version " <= " | en |
Affected
| ||||||
| Schneider Electric Search vendor "Schneider Electric" | Modicon Momentum Unity M1E Processor (171CBU*) Search vendor "Schneider Electric" for product "Modicon Momentum Unity M1E Processor (171CBU*)" | <= Search vendor "Schneider Electric" for product "Modicon Momentum Unity M1E Processor (171CBU*)" and version " <= " | en |
Affected
| ||||||