CVE-2024-0568 – This CVE describes an improper authentication v... (How to Fix)

Q: What is the severity of CVE-2024-0568?

CVE-2024-0568 has a CVSS score of 8.8 (HIGH). This CVE describes an improper authentication vulnerability in Schneider Electric devices that allows unauthorized tampering of device configuration via NFC communication. Attackers with physical proximity can modify settings without proper authentication. This affects Schneider Electric products using vulnerable NFC implementations.

📋 TL;DR

This CVE describes an improper authentication vulnerability in Schneider Electric devices that allows unauthorized tampering of device configuration via NFC communication. Attackers with physical proximity can modify settings without proper authentication. This affects Schneider Electric products using vulnerable NFC implementations.

💻 Affected Systems

Products:

Schneider Electric devices with vulnerable NFC implementation

Versions: Specific versions not detailed in provided references

Operating Systems: Embedded systems/firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Requires physical proximity to NFC interface. Exact product list should be verified from vendor advisory.

📦 What is this software?

Renf22r2mmw Firmware by Se

View all CVEs affecting Renf22r2mmw Firmware →

Rmnf22tb30 Firmware by Se

View all CVEs affecting Rmnf22tb30 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover allowing configuration changes that could disrupt operations, cause safety hazards, or enable further attacks on connected systems.

🟠

Likely Case

Unauthorized configuration changes leading to operational disruption, data manipulation, or denial of service.

🟢

If Mitigated

Limited impact if NFC access is physically restricted and devices are isolated from critical networks.

🌐 Internet-Facing: LOW (requires physical proximity via NFC)

🏢 Internal Only: MEDIUM (requires physical access but could affect internal devices)

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires physical access to NFC interface but no authentication. No public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to vendor advisory for specific fixed versions

Vendor Advisory: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-02.pdf

Restart Required: Yes

Instructions:

1. Review vendor advisory SEVD-2024-044-02. 2. Identify affected products. 3. Apply firmware updates provided by Schneider Electric. 4. Restart devices after patching.

🔧 Temporary Workarounds

Disable NFC functionality

all

Turn off NFC communication if not required for operations

Device-specific configuration commands (consult product documentation)

Physical access controls

all

Restrict physical access to NFC interfaces

🧯 If You Can't Patch

Implement strict physical security controls around devices
Isolate affected devices from critical networks using segmentation

🔍 How to Verify

Check if Vulnerable:

Check device model and firmware version against vendor advisory. Physical test with authorized NFC tool may be required.

Check Version:

Device-specific command (consult product documentation for firmware version check)

Verify Fix Applied:

Verify firmware version matches patched version from vendor advisory. Test NFC authentication functionality.

📡 Detection & Monitoring

Log Indicators:

Unexpected configuration changes
NFC access logs showing unauthorized attempts

Network Indicators:

Unusual device behavior or configuration changes

SIEM Query:

Search for device configuration changes without corresponding authorized user activity

📊 Metadata

CVE ID: CVE-2024-0568

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-287

Published: February 14, 2024

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-0568, you might also want to check these: