CVE-2024-8936

Improper Input Validation (CWE-20)

Published: Nov 13, 2024 / Updated: 6d ago

CVSS 8.3 / EPSS 0.04% / High

CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

First Article

Feedly found the first article mentioning CVE-2024-8936.

Nov 12, 2024 at 10:12 AM / Cybersecurity News

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 13, 2024 at 4:39 AM

CVSS

A CVSS base score of 6.5 has been assigned.

Nov 13, 2024 at 5:20 AM / nvd

EPSS

EPSS Score was set to: 0.04% (Percentile: 10.1%)

Nov 13, 2024 at 5:07 PM

Affected Systems

Schneider-electric/modicon_m340

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

News

Multiple critical vulnerabilities reported in Schneider Electric Modicon controllers
Schneider Electric is reporting several security vulnerabilities affecting its Modicon series of programmable automation controllers (PACs), including the M340, Momentum, and MC80 models. Then make a plan for patching or additional mitigations.
Schneider Electric Warns of Critical Modicon Flaws
French multinational Schneider Electric disclosed critical vulnerabilities in its Modicon M340, Momentum and MC80 programmable automation controllers, putting industries relying on these controllers at risk. CVE-2024-8937: This vulnerability is linked to improper memory buffer restrictions in the Modicon controllers.

CVSS V3.1

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability Impact: None
