VDB

SEVD-2023-101-05

SEVD-2023-101-05 PUBLISHED CVSS 7.5 HIGH

Schneider Electric is aware of multiple vulnerabilities in its Modicon PLCs (Programmable Logic Controllers) and PACs (Programmable Automation Controllers). Modicon PLCs (Programmable Logic Controllers) and PACs (Programmable Automation Controllers) control and monitor industrial operations in a sustainable, flexible, efficient, and protected way. Failure to apply the remediations and mitigations provided below may risk a denial of service of the controller, which could result in disrupted operations.

Risk Scores

CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Schneider Electric Legacy Modicon Premium CPUs all versions
Schneider Electric Modicon MC80 (BMKC80)
Schneider Electric Modicon M340 CPU versions prior to SV3.51
Schneider Electric Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) Versions prior to SV4.21
Schneider Electric Modicon MC80 versions prior to SV2.0
Schneider Electric Modicon M580 SV4.10
Schneider Electric Modicon Momentum Unity M1E Processor SV2.70
Schneider Electric Modicon M580 CPU versions prior to V4.10
Schneider Electric Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) SV4.21
Schneider Electric Modicon M340 SV3.51
Schneider Electric Modicon Momentum Unity M1E Processor all versions prior to sv2.70
Schneider Electric Legacy Modicon Quantum all versions

Timeline

  • Apr 11, 2023 CVE Published
  • Aug 13, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›