VDB
SEVD-2023-192-04
SEVD-2023-192-04
PUBLISHED
CVSS 8.800000190734863 HIGH
Schneider Electric is aware of multiple vulnerabilities disclosed on CODESYS runtime system V3 communication server. Many vendors, including Schneider Electric, embed CODESYS in their offers. If successfully exploited, these vulnerabilities could result in a denial of service or, in some cases, in remote code execution on PacDrive controllers, Modicon Controllers M241 / M251 / M262 / M258 / LMC058 / LMC078 / M218 , HMISCU, the Simulation Runtime SoftSPS from EcoStruxure Machine Expert and EcoStruxure Microgrid Operation products. Failure to apply the mitigations provided below may result in denial of service and/or arbitrary remote code execution.
Risk Scores
CVSS v3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric HMISCU Controller All versions prior to v6.3.1 | ||
| Schneider Electric Modicon Controller LMC078 All Versions | ||
| Schneider Electric Modicon Controller M251 All Versions prior to v5.2.11.18 | ||
| Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 1.76.14.1 | ||
| Schneider Electric Easy Harmony HMIET6/HMIFT6 Magelis HMIGXU all versions prior to v2.0 HF2 | ||
| Schneider Electric Modicon Controller M241 All versions prior to v5.2.11.18 | ||
| Schneider Electric Harmony (Formerly Magelis) HMIGK/HMIGTO/HMIGTU/HMIGTUX/HMISTU series All Versions prior to V6.3 HF3 | ||
| Schneider Electric SoftSPS embedded in EcoStruxure™ Machine Expert All Versions prior to Machine Expert v2.2 | ||
| Schneider Electric SoftSPS embedded in EcoStruxure™ Machine Expert 2.2 | ||
| Schneider Electric Vijeo Designer embedded in EcoStruxure™ Machine Expert All versions prior to v6.3.1 | ||
| Schneider Electric Vijeo Designer embedded in EcoStruxure™ Machine Expert 6.3.1 | ||
| Schneider Electric Modicon Controller M258 All Versions | ||
| Schneider Electric HMISCU Controller 6.3.1 | ||
| Schneider Electric Modicon Controller LMC058 All Versions | ||
| Schneider Electric Modicon Controller M251 5.2.11.18 | ||
| Schneider Electric PacDrive 3 Controllers: LMC Eco/Pro/Pro2 All versions prior to v1.76.14.1 | ||
| Schneider Electric Modicon Controller M262 5.2.8.12 | ||
| Schneider Electric Modicon Controller M241 5.2.11.18 | ||
| Schneider Electric Modicon Controller M262 All versions prior to v5.2.8.12 | ||
| Schneider Electric Modicon Controller M218 All Versions |
Timeline
- Jul 11, 2023 CVE Published
- Dec 9, 2025 CVE Updated
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-04.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2023-192-04.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ url
- https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware fix
- https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/ fix
- https://www.se.com/us/en/work/support/contacts.jsp fix
- https://www.se.com/ww/en/product-range/1054-vijeo-designer-hmi-software/#software-and-firmware fix
- https://www.se.com/ww/en/product-range/268959560-easy-modicon-m310 fix