7.7

CVE-2024-8935

CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss
of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the
controller and the engineering workstation while a valid user is establishing a communication session. This
vulnerability is inherent to Diffie Hellman algorithm which does not protect against Man-In-The-Middle attacks.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerschneider-electric
Produkt modicon_m340_bmxp341000
Default Statusunknown
Version < *
Version SV3.60
Status affected
Herstellerschneider-electric
Produkt modicon_mc80_bmkc8020301
Default Statusunknown
Version < *
Version 0
Status affected
Herstellerschneider-electric
Produkt modicon_momentum_unity_m1e_processor
Default Statusunknown
Version < *
Version 0
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.348
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cybersecurity@se.com 7.7 0 0
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cybersecurity@se.com 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.