PatchSiren

CVE-2023-27975 Schneider Electric CVE debrief

A CWE-522: Insufficiently Protected Credentials vulnerability in Schneider Electric EcoStruxure Control Expert and EcoStruxure Process Expert allows a local, authenticated user with low privileges to tamper with the memory of an engineering workstation and gain unauthorized access to project files. The vulnerability stems from inadequate protection of credentials within the application, enabling confidentiality and integrity impacts on project data without affecting availability. The attack requires local access and physical tampering with workstation memory, with no user interaction needed. CVSS v4.0 Base Score 7.2 (High).

Vendor: Schneider Electric
Product: Modicon M340 CPU (part numbers BMXP34*)
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-13
Original CVE updated: 2026-05-07
Advisory published: 2024-02-13
Advisory updated: 2026-05-07

Who should care

Organizations operating Schneider Electric Modicon M340, M580, and associated EcoStruxure engineering environments in industrial control systems, particularly those with shared engineering workstations or environments where physical access controls may be insufficient. Critical infrastructure operators in manufacturing, energy, water/wastewater, and process industries using affected PLC platforms should prioritize assessment and remediation.

Technical summary

The vulnerability exists in the credential protection mechanisms of EcoStruxure Control Expert and EcoStruxure Process Expert engineering software. A local attacker with low privileges can manipulate workstation memory to extract or bypass credential protections, leading to unauthorized access to project files. The attack vector is local (AV:L) with low attack complexity (AC:L) and requires prior physical access to tamper with memory (AT:P). Successful exploitation has a high impact on the confidentiality (VC:H) and integrity (VI:H) of project data, with no availability impact (VA:N). There is no impact on the confidentiality, integrity, or availability of subsequent systems (SC:N/SI:N/SA:N). Remediation involves software updates, network segmentation, access controls, and hardware-based security features.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade EcoStruxure Control Expert to version 16.0 or later; reboot required after installation
  • Apply EcoStruxure Control Expert version 15.3 HF008 as an alternative remediation path
  • Enable application password protection in project properties
  • Implement network segmentation and firewall rules to block unauthorized access to port 502/TCP
  • Configure Access Control Lists per Modicon M340/M580 hardware reference manuals
  • Establish secure communications using IPsec via BMENOC modules, BMENUA0100 modules, or external VPN firewall devices such as Belden EAGLE40-07
  • Activate CPU memory protection by configuring input bits to physical inputs where supported
  • Enable encryption on application projects and store files in secure locations with restricted access only for legitimate users

Evidence notes

CISA CSAF advisory ICSA-24-331-03 published 2024-02-13 documents this vulnerability with CVSS v4.0 scoring. Schneider Electric security notice SEVD-2024-044-01 provides vendor remediation guidance. The vulnerability affects EcoStruxure Control Expert versions prior to v16.0 and EcoStruxure Process Expert versions prior to v2023.
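
The following added example (not code from PatchSiren, CISA or Schneider Electric) triages an engineering-workstation inventory against the fixed versions named above: Control Expert 16.0, Control Expert 15.3 HF008, and Process Expert v2023. The hostnames, inventory rows and version-string format are constructed, and treating 15.3 hotfixes later than HF008 as remediated is an assumption.

```python
import re

# Fixed releases as stated on this page.
CONTROL_EXPERT_FIXED = (16, 0)         # "version 16.0 or later"
CONTROL_EXPERT_HOTFIX_BRANCH = (15, 3)
CONTROL_EXPERT_MIN_HOTFIX = 8          # "15.3 HF008"
PROCESS_EXPERT_FIXED = 2023            # affected: "prior to v2023"

# Assumed inventory format: "15.3 HF007", "16.0", "v2023", ...
_VERSION_RE = re.compile(r"^\s*v?(\d+)(?:\.(\d+))?(?:\s*HF(\d+))?", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, hotfix), or None if the string is not recognised."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, hotfix = m.groups()
    return int(major), int(minor or 0), int(hotfix or 0)


def is_affected(product, version_text):
    """True = affected, False = remediated, None = needs manual review."""
    parsed = parse_version(version_text)
    if parsed is None:
        return None
    major, minor, hotfix = parsed
    name = product.lower()
    if "control expert" in name:
        if (major, minor) >= CONTROL_EXPERT_FIXED:
            return False
        if (major, minor) == CONTROL_EXPERT_HOTFIX_BRANCH:
            return hotfix < CONTROL_EXPERT_MIN_HOTFIX
        return True                    # any other release before 16.0
    if "process expert" in name:
        return major < PROCESS_EXPERT_FIXED
    return None                        # product not covered by this advisory


# Constructed sample inventory; hostnames and versions are made up.
INVENTORY = [
    ("EWS-01", "EcoStruxure Control Expert", "15.3 HF007"),
    ("EWS-02", "EcoStruxure Control Expert", "15.3 HF008"),
    ("EWS-03", "EcoStruxure Control Expert", "16.0"),
    ("EWS-04", "EcoStruxure Process Expert", "2021"),
    ("EWS-05", "EcoStruxure Control Expert", "unknown"),
]


def triage(inventory):
    """Map each host to its is_affected() result."""
    return {host: is_affected(prod, ver) for host, prod, ver in inventory}
```

Hosts that come back as `None` have a version string the parser does not recognise and should be checked by hand rather than assumed remediated.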
