VDB
CVE-2023-25620
CVE-2023-25620
PUBLISHED
CVSS 7.5 HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller by an authenticated user.
EPSS 0.28% · 51.5th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.28%
51.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| schneider-electric | modicon_mc80_firmware | |
| schneider-electric | tsxp57_firmware | |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) | V2.5-GS-01-22320 |
| schneider-electric | 140cpu65_firmware | |
| schneider-electric | modicon_m340_firmware | 0 |
| Schneider Electric | APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) | V2.5-GA-01-22320 |
| schneider-electric | modicon_momentum_unity_m1e_processor_firmware | |
| schneider-electric | bmeh58s_firmware | |
| schneider-electric | modicon_m580_firmware | 0 |
| schneider-electric | bmep58s_firmware |
Exploit Intelligence
Timeline
- Apr 11, 2023 CVE Published
- Apr 19, 2023 PoC Published
- Apr 20, 2023 EPSS Score
- Apr 25, 2023 PoC Published
- May 27, 2023 EPSS Score
- Jul 4, 2023 EPSS Score
- Aug 10, 2023 EPSS Score
- Sep 17, 2023 EPSS Score
- Oct 24, 2023 EPSS Score
- Dec 1, 2023 EPSS Score
- Jan 7, 2024 EPSS Score
- Feb 14, 2024 EPSS Score
References
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-011-06_CODESYSV3_Runtime_Development_System_and_Gateway_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-05.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-06.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-02.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-03.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-01.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-313-05_BadAlloc_Vulnerabilities_Security_Notification.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-25620 advisory
- https://https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-05.pdf url