CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could
cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a
crafted Modbus function call to tamper with memory area involved in memory size computation.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 13 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Schneider-electric
Schneider-electric modicon M340
Schneider-electric modicon Mc80
Schneider-electric modicon Momentum Unity M1e Processor
CPEs cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_mc80:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_momentum_unity_m1e_processor:-:*:*:*:*:*:*:*
Vendors & Products Schneider-electric
Schneider-electric modicon M340
Schneider-electric modicon Mc80
Schneider-electric modicon Momentum Unity M1e Processor
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 13 Nov 2024 04:45:00 +0000

Type Values Removed Values Added
Description CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory size computation.
Weaknesses CWE-119
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: schneider

Published:

Updated: 2024-11-13T15:26:23.491Z

Reserved: 2024-09-17T07:54:07.817Z

Link: CVE-2024-8938

cve-icon Vulnrichment

Updated: 2024-11-13T15:26:18.229Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-13T05:15:25.727

Modified: 2024-11-13T17:01:16.850

Link: CVE-2024-8938

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.