{"cve":{"cve_id":"CVE-2024-8933","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00281,"epss_percentile":0.19694,"epss_as_of":"2026-06-23","description":"CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel\nvulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of\nconfidentiality and integrity of controllers. To be successful, the attacker needs to inject themself inside the\nlogical network while a valid user uploads or downloads a project file into the controller.","published_at":"2024-11-13T04:06:09.279000Z","last_modified_at":null,"cvss_v3_score":7.5,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":7.5,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","cvss_v4_severity":"HIGH","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-924"],"nvd_references":["https://download.schneider-electric.com/doc/SEVD-2024-317-02/SEVD-2024-317-02.pdf"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:24:53.639719Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"H","value_label":"High"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"H","value_label":"High"},{"metric":"AT","name":"Attack Requirements","value":"P","value_label":"Present"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"A","value_label":"Active"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"H","value_label":"High"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"schneider-electric","vendor_name":"Schneider Electric","product_slug":"modicon-m340-cpu-part-numbers-bmxp34","product_name":"Modicon M340 CPU (part numbers BMXP34*)","version_start":"All versions","version_start_inclusive":true,"version_end":"All versions","version_end_inclusive":true,"cpe23_uri":"cve5:schneider-electric:modicon-m340-cpu-part-numbers-bmxp34:All versions:All versions"},{"vendor_slug":"schneider-electric","vendor_name":"Schneider Electric","product_slug":"modicon-mc80-part-numbers-bmkc80","product_name":"Modicon MC80 (part numbers BMKC80)","version_start":"All versions","version_start_inclusive":true,"version_end":"All versions","version_end_inclusive":true,"cpe23_uri":"cve5:schneider-electric:modicon-mc80-part-numbers-bmkc80:All versions:All versions"},{"vendor_slug":"schneider-electric","vendor_name":"Schneider Electric","product_slug":"modicon-momentum-unity-m1e-processor-171cbu","product_name":"Modicon Momentum Unity M1E Processor (171CBU*)","version_start":"All Versions","version_start_inclusive":true,"version_end":"All Versions","version_end_inclusive":true,"cpe23_uri":"cve5:schneider-electric:modicon-momentum-unity-m1e-processor-171cbu:All Versions:All Versions"}],"exploit_refs":[],"news":[],"references":[{"url":"https://download.schneider-electric.com/doc/SEVD-2024-317-02/SEVD-2024-317-02.pdf","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2024-11-13T04:06:09.279000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:40:34.725608Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:40:34.725608Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:40:34.725608Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:40:34.725608Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:40:34.725608Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:40:34.725608Z","label":"CVSS score revised","source":"cvelistv5"}]}