Summary
Schneider Electric is aware of a RADIUS protocol vulnerability affecting its Modicon Network Managed Switch product. The Modicon Network Managed Switch product provides connectivity for multiple Ethernet devices, network management, enhanced cyber security and more advanced switching features. Failure to apply the mitigation provided below may risk forgery attacks in RADIUS Protocol, which could result in modification of any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response which could result in the possibility of denial of service and loss of confidentiality, integrity of the devices connected to the switch.
The following versions of Schneider Electric Modicon Network Managed Switches are affected:
- Connexium Managed Switches vers:all/*
- Modicon Managed Switches vers:all/*
- Modicon Redundancy Switches vers:all/*
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9 | Schneider Electric | Schneider Electric Modicon Network Managed Switches | Improper Enforcement of Message Integrity During Transmission in a Communication Channel |
Background
- Critical Infrastructure Sectors: Commercial Facilities, Energy, Food and Agriculture, Government Services and Facilities, Transportation Systems, Water and Wastewater
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: France
Vulnerabilities
CVE-2024-3596
Additional information about CVE-2024-3596 can be found here:https://www.cve.org/CVERecord?id=CVE-2024-3596
Affected Products
Schneider Electric Modicon Network Managed Switches
Schneider Electric
Connexium Managed Switches All Versions, Modicon Managed Switches All Versions, Modicon Redundancy Switches All Versions
known_affected
Remediations
Mitigation
The default RADIUS configuration is not vulnerable. However, if the RADIUS Server Message Authenticator option is disabled, the product becomes vulnerable. We advise keeping this parameter in its default (enabled) state. This parameter can be configured via CLI and SNMP:TCSESM* CLI: radius server msgauthMIB: hmAgentRadiusServerMsgAuth
Mitigation
The default RADIUS configuration is not vulnerable. However, if the RADIUS Server Message Authenticator option is disabled, the product becomes vulnerable. We advise keeping this parameter in its default (enabled) state. This parameter can be configured via CLI and SNMP:MCSESM*, MCSESP* CLI: radius server auth modify msgauth MIB: hm2AgentRadiusServerMsgAuth
Mitigation
The default RADIUS configuration is not vulnerable. However, if the RADIUS Server Message Authenticator option is disabled, the product becomes vulnerable. We advise keeping this parameter in its default (enabled) state. This parameter can be configured via CLI and SNMP:MCSESR* CLI: radius server auth modify msgauth MIB: hm2AgentRadiusServerMsgAuth
Relevant CWE: CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 9 | CRITICAL | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
Acknowledgments
- Schneider Electric CPCERT reported this vulnerability to CISA.
General Security Recommendations
We strongly recommend the following industry cyb
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: