CVE-2022-34762

Summary

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricOPC UA Modicon Communication ModuleBMENUA0100 < V1.10affected
Schneider ElectricX80 advanced RTU Communication ModuleV2.01 < BMENOR2200H*affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

References