CVE-2024-8938

EUVD-2024-49496
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could
cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a
crafted Modbus function call to tamper with memory area involved in memory size computation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
schneider-electricmodicon_m340
𝑥
< SV3.65
ADP
schneider-electricmodicon_mc80
𝑥
< *
ADP
schneider-electricmodicon_momentum_unity_m1e_processor
𝑥
< *
ADP
Common Weakness Enumeration
References
https://download.schneider-electric.com/doc/SEVD-2024-317-03/SEVD-2024-317-03.pdf