Vulnerability Description
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Modicon M580 Firmware | < 4.10 |
| Schneider-Electric | Modicon M580 | - |
| Schneider-Electric | Modicon M340 Firmware | < 3.51 |
| Schneider-Electric | Modicon M340 | - |
| Schneider-Electric | Modicon Momentum Unity M1E Processor Firmware | All versions |
| Schneider-Electric | Modicon Momentum Unity M1E Processor | - |
| Schneider-Electric | Modicon Mc80 Firmware | All versions |
| Schneider-Electric | Modicon Mc80 | - |
| Schneider-Electric | Tsxp57 Firmware | All versions |
| Schneider-Electric | Tsxp57 | - |
| Schneider-Electric | Bmep58S Firmware | All versions |
| Schneider-Electric | Bmep58S | - |
| Schneider-Electric | Bmeh58S Firmware | All versions |
| Schneider-Electric | Bmeh58S | - |
Related Weaknesses (CWE)
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDoc
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDoc
FAQ
What is CVE-2023-25619?
CVE-2023-25619 is a vulnerability with a CVSS score of 7.5 (HIGH). A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.
How severe is CVE-2023-25619?
CVE-2023-25619 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-25619?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M580 Firmware, Schneider-Electric Modicon M580, Schneider-Electric Modicon M340 Firmware, Schneider-Electric Modicon M340, Schneider-Electric Modicon Momentum Unity M1E Processor Firmware.