Security Notification - SEVD-2024-317-03

Schneider Electric is aware of multiple vulnerabilities in its Modicon Controllers M340 / Momentum / MC80 products. Failure to apply the provided remediations/mitigations below may risk unauthorized access to the controller, which could result in the possibility of denial of service and loss of confidentiality, integrity of the controller. CVE-2024-8936, CVE-2024-8937, CVE-2024-8938. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. Security Notification. Security Advisory.