CVE-2023-6408

Q: What is the severity of CVE-2023-6408?

CVE-2023-6408 has a CVSS score of 8.1 (HIGH). This vulnerability allows attackers to intercept and manipulate communications between Schneider Electric controllers due to improper message integrity enforcement. A successful Man-in-the-Middle attack could lead to denial of service and compromise of confidentiality and integrity. Industrial control systems using affected Schneider Electric products are at risk.

8.1 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows attackers to intercept and manipulate communications between Schneider Electric controllers due to improper message integrity enforcement. A successful Man-in-the-Middle attack could lead to denial of service and compromise of confidentiality and integrity. Industrial control systems using affected Schneider Electric products are at risk.

💻 Affected Systems

Products:

Schneider Electric Modicon M340 controllers
Schneider Electric Modicon M580 controllers

Versions: All versions prior to specific security updates (check vendor advisory for exact versions)

Operating Systems: Embedded controller firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects communication channels between controllers and engineering stations. Requires network access to communication paths.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to manipulate industrial processes, cause physical damage, and exfiltrate sensitive operational data.

🟠

Likely Case

Denial of service disrupting industrial operations and potential data interception leading to operational intelligence gathering.

🟢

If Mitigated

Minimal impact with proper network segmentation, encrypted communications, and monitoring in place.

🌐 Internet-Facing: HIGH - If controllers are exposed to the internet, attackers can intercept communications without network access.

🏢 Internal Only: MEDIUM - Requires internal network access but could be exploited by malicious insiders or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires Man-in-the-Middle position on network. No authentication needed to intercept communications.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Schneider Electric security advisory SEVD-2024-044-01 for specific firmware versions

Vendor Advisory: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-01.pdf

Restart Required: Yes

Instructions:

1. Download firmware update from Schneider Electric portal. 2. Backup controller configuration. 3. Apply firmware update following vendor documentation. 4. Verify communication integrity post-update.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate industrial control network from corporate and internet networks

VPN Tunnel Implementation

all

Encrypt all communications between engineering stations and controllers using VPN

🧯 If You Can't Patch

Implement strict network segmentation with firewalls between control network and other networks
Deploy network monitoring and intrusion detection specifically for industrial protocols

🔍 How to Verify

Check if Vulnerable:

Check controller firmware version against vendor advisory. Verify if communication channels lack integrity protection.

Check Version:

Use Schneider Electric engineering software to read controller firmware version

Verify Fix Applied:

After patching, verify firmware version matches patched version in advisory. Test communication integrity.

📡 Detection & Monitoring

Log Indicators:

Unexpected communication interruptions
Authentication failures on engineering stations
Controller reboot events

Network Indicators:

Unusual traffic patterns in industrial protocols
Man-in-the-Middle attack signatures
Protocol anomalies

SIEM Query:

source="industrial_controller" AND (event_type="communication_error" OR event_type="unexpected_reset")

📊 Metadata

CVE ID: CVE-2023-6408

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-924

Published: February 14, 2024

Last Updated: January 23, 2025

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ecostruxure Control Expert by Schneider Electric

Ecostruxure Process Expert by Schneider Electric

Modicon M340 Bmxp341000 Firmware by Schneider Electric

Modicon M340 Bmxp341000h Firmware by Schneider Electric

Modicon M340 Bmxp342000 Firmware by Schneider Electric

Modicon M340 Bmxp342010 Firmware by Schneider Electric

Modicon M340 Bmxp3420102 Firmware by Schneider Electric

Modicon M340 Bmxp3420102cl Firmware by Schneider Electric

Modicon M340 Bmxp342020 Firmware by Schneider Electric

Modicon M340 Bmxp342020h Firmware by Schneider Electric

Modicon M340 Bmxp342030 Firmware by Schneider Electric

Modicon M340 Bmxp3420302 Firmware by Schneider Electric

Modicon M340 Bmxp3420302cl Firmware by Schneider Electric

Modicon M340 Bmxp3420302h Firmware by Schneider Electric

Modicon M340 Bmxp342030h Firmware by Schneider Electric

Modicon M580 Bmeh582040 Firmware by Schneider Electric

Modicon M580 Bmeh582040c Firmware by Schneider Electric

Modicon M580 Bmeh582040s Firmware by Schneider Electric

Modicon M580 Bmeh584040 Firmware by Schneider Electric

Modicon M580 Bmeh584040c Firmware by Schneider Electric

Modicon M580 Bmeh584040s Firmware by Schneider Electric

Modicon M580 Bmeh586040 Firmware by Schneider Electric

Modicon M580 Bmeh586040c Firmware by Schneider Electric

Modicon M580 Bmeh586040s Firmware by Schneider Electric

Modicon M580 Bmep581020 Firmware by Schneider Electric

Modicon M580 Bmep581020h Firmware by Schneider Electric

Modicon M580 Bmep582020 Firmware by Schneider Electric

Modicon M580 Bmep582020h Firmware by Schneider Electric

Modicon M580 Bmep582040 Firmware by Schneider Electric

Modicon M580 Bmep582040h Firmware by Schneider Electric

Modicon M580 Bmep582040s Firmware by Schneider Electric

Modicon M580 Bmep583020 Firmware by Schneider Electric

Modicon M580 Bmep583040 Firmware by Schneider Electric

Modicon M580 Bmep584020 Firmware by Schneider Electric

Modicon M580 Bmep584040 Firmware by Schneider Electric

Modicon M580 Bmep584040s Firmware by Schneider Electric

Modicon M580 Bmep585040 Firmware by Schneider Electric

Modicon M580 Bmep585040c Firmware by Schneider Electric

Modicon M580 Bmep586040 Firmware by Schneider Electric

Modicon M580 Bmep586040c Firmware by Schneider Electric

Modicon Mc80 Bmkc8020301 Firmware by Schneider Electric

Modicon Mc80 Bmkc8020310 Firmware by Schneider Electric

Modicon Mc80 Bmkc8030311 by Schneider Electric

Modicon Momentum 171cbu78090 Firmware by Schneider Electric

Modicon Momentum 171cbu98090 Firmware by Schneider Electric

Modicon Momentum 171cbu98091 Firmware by Schneider Electric