CVE-2022-45788

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58S and BMEH58S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure Control ExpertAll Versionsaffected
Schneider ElectricEcoStruxure Process ExpertAll Versionsaffected
Schneider ElectricModicon M340 CPU (part numbers BMXP34*)All Versionsaffected
Schneider ElectricModicon M580 CPU (part numbers BMEP* and BMEH*)All Versionsaffected
Schneider ElectricModicon M580 CPU Safety (part numbers BMEP58S and BMEH58S)All Versionsaffected
Schneider ElectricModicon Momentum Unity M1E Processor (171CBU*)All Versionsaffected
Schneider ElectricModicon MC80 (BMKC80)All Versionsaffected
Schneider ElectricLegacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*)All Versionsaffected

Weaknesses

  • CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References