ByteOS Network

Vulnerability Details :

CVE-2024-12399

Assigner Org ID-076d1eb6-cfab-4401-b34d-6dfc2a413bdb

Published At-17 Jan, 2025 | 09:37

Updated At-12 Feb, 2025 | 16:55

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting the communication.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:schneider

Assigner Org ID:076d1eb6-cfab-4401-b34d-6dfc2a413bdb

Published At:17 Jan, 2025 | 09:37

Updated At:12 Feb, 2025 | 16:55

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

Schneider Electric SE

Product

Pro-face GP-Pro EX

Default Status

unaffected

Versions

Affected

All versions

Vendor

Schneider Electric SE

Product

Pro-face Remote HMI

Default Status

unaffected

Versions

Affected

All versions

Problem Types

Type	CWE ID	Description
CWE	CWE-924	CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Type: CWE

CWE ID: CWE-924

Description: CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Metrics

Version	Base score	Base severity	Vector
4.0	6.1	MEDIUM	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
3.1	7.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H

Version: 4.0

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H

References

Hyperlink	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-02.pdf	N/A

Hyperlink: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-02.pdf

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cybersecurity@se.com

Published At:17 Jan, 2025 | 10:15

Updated At:17 Jan, 2025 | 10:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	6.1	MEDIUM	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	7.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H

Type: Secondary

Version: 4.0

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-924	Primary	cybersecurity@se.com

CWE ID: CWE-924

Type: Primary

Source: cybersecurity@se.com

References

Hyperlink	Source	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-02.pdf	cybersecurity@se.com	N/A

Hyperlink: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-02.pdf

Source: cybersecurity@se.com

Resource: N/A

Similar CVEs

2Records found

CVE-2023-6408

Matching Score-6

Assigner-Schneider Electric

View Details

Matching Score-6

Assigner-Schneider Electric

CVSS Score-8.1||HIGH

EPSS-0.16% / 37.08%

7 Day CHG~0.00%

Published-14 Feb, 2024 | 16:52

Updated-23 Jan, 2025 | 19:39

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.

Vendor-Schneider Electric SE

CWE ID-CWE-924

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

CVE-2024-8933

Matching Score-6

Assigner-Schneider Electric

View Details

Matching Score-6

Assigner-Schneider Electric

CVSS Score-7.5||HIGH

EPSS-0.07% / 21.55%

7 Day CHG~0.00%

Published-13 Nov, 2024 | 04:06

Updated-13 Nov, 2024 | 17:01

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the attacker needs to inject themself inside the logical network while a valid user uploads or downloads a project file into the controller.

Product-Modicon Momentum Unity M1E Processor (171CBU*)Modicon M340 CPU (part numbers BMXP34*)Modicon MC80 (part numbers BMKC80)modicon_mc80 modicon_momentum_unity_m1e_processor modicon_m340

CWE ID-CWE-924

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

CVE-2024-12399

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs