Описание
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the attacker needs to inject themself inside the logical network while a valid user uploads or downloads a project file into the controller.
EPSS
7.5 High
CVSS3
Дефекты
Связанные уязвимости
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the attacker needs to inject themself inside the logical network while a valid user uploads or downloads a project file into the controller.
Уязвимость микропрограммного обеспечения программируемых логических контроллеров (ПЛК) Schneider Electric Modicon M340 CPU BMXP34, Modicon MC80 BMKC80 и Modicon Momentum Unity M1E Processor 171CBU, связанная с отсутствием проверки целостности сообщений при их передаче по каналу связи, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
EPSS
7.5 High
CVSS3