CVE-2022-45789
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58S and BMEH58S (All Versions)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Schneider Electric | EcoStruxure Control Expert | All Versions | affected |
| Schneider Electric | EcoStruxure Process Expert | All Versions | affected |
| Schneider Electric | Modicon M340 CPU (part numbers BMXP34*) | All Versions | affected |
| Schneider Electric | Modicon M580 CPU (part numbers BMEP* and BMEH*) | All Versions | affected |
| Schneider Electric | Modicon M580 CPU Safety (part numbers BMEP58S and BMEH58S) | All Versions | affected |
Weaknesses
- CWE-294: CWE-294: Authentication Bypass by Capture-Replay
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.