CVE-2022-45788
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58S and BMEH58S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Schneider Electric | EcoStruxure Control Expert | All Versions | affected |
| Schneider Electric | EcoStruxure Process Expert | All Versions | affected |
| Schneider Electric | Modicon M340 CPU (part numbers BMXP34*) | All Versions | affected |
| Schneider Electric | Modicon M580 CPU (part numbers BMEP* and BMEH*) | All Versions | affected |
| Schneider Electric | Modicon M580 CPU Safety (part numbers BMEP58S and BMEH58S) | All Versions | affected |
| Schneider Electric | Modicon Momentum Unity M1E Processor (171CBU*) | All Versions | affected |
| Schneider Electric | Modicon MC80 (BMKC80) | All Versions | affected |
| Schneider Electric | Legacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*) | All Versions | affected |
Weaknesses
- CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.