CVE-2022-45789

Summary

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58S and BMEH58S (All Versions)

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure Control ExpertAll Versionsaffected
Schneider ElectricEcoStruxure Process ExpertAll Versionsaffected
Schneider ElectricModicon M340 CPU (part numbers BMXP34*)All Versionsaffected
Schneider ElectricModicon M580 CPU (part numbers BMEP* and BMEH*)All Versionsaffected
Schneider ElectricModicon M580 CPU Safety (part numbers BMEP58S and BMEH58S)All Versionsaffected

Weaknesses

  • CWE-294: CWE-294: Authentication Bypass by Capture-Replay

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References