CVE-2022-34765

Summary

A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricOPC UA Modicon Communication ModuleBMENUA0100 < V1.10affected
Schneider ElectricX80 advanced RTU Communication ModuleV2.01 < BMENOR2200H*affected

Weaknesses

  • CWE-73: CWE-73 External Control of File Name or Path

ADP Enrichment

CVE Program Container

Additional References

References