All the vulnerabilites related to Schneider Electric - EcoStruxure Process Expert
cve-2022-45789
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Schneider Electric | EcoStruxure Control Expert |
Version: All Versions |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:17:04.077Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "EcoStruxure Control Expert ", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "All Versions" } ] }, { "defaultStatus": "unaffected", "product": "EcoStruxure Process Expert", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "All Versions" } ] }, { "defaultStatus": "unaffected", "product": "Modicon M340 CPU (part numbers BMXP34*)", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "All Versions" } ] }, { "defaultStatus": "unaffected", "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*) ", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "All Versions" } ] }, { "defaultStatus": "unaffected", "product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "All Versions" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)\u003c/p\u003e" } ], "value": "A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-294", "description": "CWE-294: Authentication Bypass by Capture-Replay", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-09T13:48:11.112Z", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2022-45789", "datePublished": "2023-01-31T00:00:00", "dateReserved": "2022-11-22T00:00:00", "dateUpdated": "2024-08-03T14:17:04.077Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6408
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Schneider Electric | Modicon M340 CPU (part numbers BMXP34*) |
Version: Versions prior to sv3.60 |
||||||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "modicon_m580_bmep585040_firmware", "vendor": "schneider-electric", "versions": [ { "lessThan": "4.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "modicon_m340_bmxp342030h_firmware", "vendor": "schneider-electric", "versions": [ { "lessThan": "3.60", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "modicon_m580_bmeh586040s_firmware", "vendor": "schneider-electric", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-6408", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-17T19:15:41.696437Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-17T19:36:47.656Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T08:28:21.776Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Modicon M340 CPU (part numbers BMXP34*)", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "Versions prior to sv3.60" } ] }, { "defaultStatus": "unaffected", "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety)", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "Versions prior to sv4.20" } ] }, { "defaultStatus": "unaffected", "product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "All Versions" } ] }, { "defaultStatus": "unaffected", "product": "EcoStruxure Control Expert", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "Versions prior to v16.0" } ] }, { "defaultStatus": "unaffected", "product": "EcoStruxure Process Expert", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "Versions prior to v2023" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nCWE-924: Improper Enforcement of Message Integrity During Transmission in a\nCommunication Channel vulnerability exists that could cause a denial of service and loss of\nconfidentiality, integrity of controllers when conducting a Man in the Middle attack.\n\n" } ], "value": "\nCWE-924: Improper Enforcement of Message Integrity During Transmission in a\nCommunication Channel vulnerability exists that could cause a denial of service and loss of\nconfidentiality, integrity of controllers when conducting a Man in the Middle attack.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-924", "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-14T16:52:24.805Z", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2023-6408", "datePublished": "2024-02-14T16:52:24.805Z", "dateReserved": "2023-11-30T09:52:30.945Z", "dateUpdated": "2024-08-02T08:28:21.776Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-24323
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01 | x_refsource_MISC |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Schneider Electric | EcoStruxure Process Expert |
Version: V2021 and prior |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:07:02.566Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EcoStruxure Process Expert", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "V2021 and prior" } ] }, { "product": "EcoStruxure Control Expert", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "V15.0 SP1 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior)" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-09T23:05:14", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2022-24323", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EcoStruxure Process Expert", "version": { "version_data": [ { "version_name": "V2021", "version_value": "and prior" } ] } }, { "product_name": "EcoStruxure Control Expert", "version": { "version_data": [ { "version_name": "V15.0 SP1", "version_value": "and prior" } ] } } ] }, "vendor_name": "Schneider Electric" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior)" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions" } ] } ] }, "references": { "reference_data": [ { "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01", "refsource": "MISC", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2022-24323", "datePublished": "2022-03-09T23:05:14", "dateReserved": "2022-02-02T00:00:00", "dateUpdated": "2024-08-03T04:07:02.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6409
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Schneider Electric | EcoStruxure Control Expert |
Version: Versions prior to v16.0 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:28:21.802Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "EcoStruxure Control Expert", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "Versions prior to v16.0" } ] }, { "defaultStatus": "unaffected", "product": "EcoStruxure Process Expert", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "Versions prior to v2023" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nCWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized\naccess to a project file protected with application password when opening the file with\nEcoStruxure Control Expert.\n\n" } ], "value": "\nCWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized\naccess to a project file protected with application password when opening the file with\nEcoStruxure Control Expert.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-14T16:47:05.519Z", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2023-6409", "datePublished": "2024-02-14T16:47:05.519Z", "dateReserved": "2023-11-30T09:53:56.413Z", "dateUpdated": "2024-08-02T08:28:21.802Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27975
Vulnerability from cvelistv5
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Schneider Electric | EcoStruxure Control Expert |
Version: Versions prior to v16.0 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-27975", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-21T20:31:05.372971Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:24:48.765Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.803Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "EcoStruxure Control Expert", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "Versions prior to v16.0" } ] }, { "defaultStatus": "unaffected", "product": "EcoStruxure Process Expert", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "Versions prior to v2023" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nCWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized\naccess to the project file in EcoStruxure Control Expert when a local user tampers with the\nmemory of the engineering workstation.\n\n" } ], "value": "\nCWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized\naccess to the project file in EcoStruxure Control Expert when a local user tampers with the\nmemory of the engineering workstation.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-14T16:55:41.495Z", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2023-27975", "datePublished": "2024-02-14T16:55:41.495Z", "dateReserved": "2023-03-09T05:25:56.973Z", "dateUpdated": "2024-08-02T12:23:30.803Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-45788
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Schneider Electric | EcoStruxure Control Expert |
Version: All Versions |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:17:04.131Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "EcoStruxure Control Expert ", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "All Versions" } ] }, { "defaultStatus": "unaffected", "product": "EcoStruxure Process Expert", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "All Versions" } ] }, { "defaultStatus": "unaffected", "product": "Modicon M340 CPU (part numbers BMXP34*)", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "All Versions" } ] }, { "defaultStatus": "unaffected", "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*) ", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "All Versions" } ] }, { "defaultStatus": "unaffected", "product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "All Versions" } ] }, { "defaultStatus": "unaffected", "product": "Modicon Momentum Unity M1E Processor (171CBU*)", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "All Versions" } ] }, { "defaultStatus": "unaffected", "product": "Modicon MC80 (BMKC80)", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "All Versions" } ] }, { "defaultStatus": "unaffected", "product": "Legacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*)", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "All Versions" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality \u0026amp; integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)\u003c/p\u003e" } ], "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality \u0026 integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-09T13:43:07.202Z", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2022-45788", "datePublished": "2023-01-30T00:00:00", "dateReserved": "2022-11-22T00:00:00", "dateUpdated": "2024-08-03T14:17:04.131Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37300
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.se.com/us/en/download/document/SEVD-2022-221-01/ | x_refsource_MISC |
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Schneider Electric | EcoStruxure Control Expert |
Version: SP1 < |
||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:29:20.628Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EcoStruxure Control Expert", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "15.0", "status": "affected", "version": "SP1", "versionType": "custom" } ] }, { "product": "EcoStruxure Process Expert", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "2021", "status": "affected", "version": "V", "versionType": "custom" } ] }, { "product": "Modicon M340 CPU", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "3.40", "status": "affected", "version": "BMXP34", "versionType": "custom" } ] }, { "product": "Modicon M580 CPU", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "3.20", "status": "affected", "version": "BMEP", "versionType": "custom" }, { "lessThanOrEqual": "3.20", "status": "affected", "version": "BMEH", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-640", "description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-12T17:40:10", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2022-37300", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EcoStruxure Control Expert", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "SP1", "version_value": "15.0" } ] } }, { "product_name": "EcoStruxure Process Expert", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "V", "version_value": "2021" } ] } }, { "product_name": "Modicon M340 CPU", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "BMXP34", "version_value": "3.40" } ] } }, { "product_name": "Modicon M580 CPU", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "BMEP", "version_value": "3.20" }, { "version_affected": "\u003c=", "version_name": "BMEH", "version_value": "3.20" } ] } } ] }, "vendor_name": "Schneider Electric" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior)." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/", "refsource": "MISC", "url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2022-37300", "datePublished": "2022-09-12T17:40:10", "dateReserved": "2022-08-01T00:00:00", "dateUpdated": "2024-08-03T10:29:20.628Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-22797
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.se.com/ww/en/download/document/SEVD-2021-257-01/ | x_refsource_MISC |
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Schneider Electric | EcoStruxure Control Expert |
Version: unspecified < V15.0 SP1 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:07.527Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-01/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EcoStruxure Control Expert", "vendor": "Schneider Electric", "versions": [ { "lessThan": "V15.0 SP1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "EcoStruxure Process Expert", "vendor": "Schneider Electric", "versions": [ { "lessThan": "2020", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "SCADAPack RemoteConnect for x70", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "All versions" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-13T15:45:24", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-01/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2021-22797", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EcoStruxure Control Expert", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "V15.0 SP1" } ] } }, { "product_name": "EcoStruxure Process Expert", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2020" } ] } }, { "product_name": "SCADAPack RemoteConnect for x70", "version": { "version_data": [ { "version_value": "All versions" } ] } } ] }, "vendor_name": "Schneider Electric" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.se.com/ww/en/download/document/SEVD-2021-257-01/", "refsource": "MISC", "url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-01/" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2021-22797", "datePublished": "2022-03-28T16:25:24", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:51:07.527Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202204-0257
Vulnerability from variot
** UNSUPPORTED WHEN ASSIGNED ** A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202204-0257", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "xmill", "scope": "eq", "trust": 1.0, "vendor": "att", "version": "0.7" }, { "model": "ecostruxure process expert", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "2021" }, { "model": "ecostruxure control expert", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "15.1" }, { "model": "ecostruxure control expert", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "15.1" }, { "model": "remoteconnect", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null } ], "sources": [ { "db": "NVD", "id": "CVE-2022-26507" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:att:xmill:0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2021", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:schneider-electric:remoteconnect:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_470:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_474:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_570:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_574:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_575:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:schneider-electric:remoteconnect:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_470:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_474:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_570:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_574:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_575:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-26507" } ] }, "cve": "CVE-2022-26507", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2022-26507", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 1.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-26507", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-26507", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202204-3389", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2022-26507", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-26507" }, { "db": "CNNVD", "id": "CNNVD-202204-3389" }, { "db": "NVD", "id": "CVE-2022-26507" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "** UNSUPPORTED WHEN ASSIGNED ** A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT\u0026T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer", "sources": [ { "db": "NVD", "id": "CVE-2022-26507" }, { "db": "VULMON", "id": "CVE-2022-26507" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SCHNEIDER", "id": "SEVD-2021-222-02", "trust": 1.7 }, { "db": "NVD", "id": "CVE-2022-26507", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-202204-3389", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-26507", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-26507" }, { "db": "CNNVD", "id": "CNNVD-202204-3389" }, { "db": "NVD", "id": "CVE-2022-26507" } ] }, "id": "VAR-202204-0257", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.7375 }, "last_update_date": "2022-05-04T09:32:10.215000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "AT\u0026T Labs Xmill Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190458" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-3389" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-26507" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://claroty.com" }, { "trust": 1.7, "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-222-02" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-26507/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-26507" }, { "db": "CNNVD", "id": "CNNVD-202204-3389" }, { "db": "NVD", "id": "CVE-2022-26507" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-26507" }, { "db": "CNNVD", "id": "CNNVD-202204-3389" }, { "db": "NVD", "id": "CVE-2022-26507" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-14T00:00:00", "db": "VULMON", "id": "CVE-2022-26507" }, { "date": "2022-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-3389" }, { "date": "2022-04-14T13:15:00", "db": "NVD", "id": "CVE-2022-26507" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-23T00:00:00", "db": "VULMON", "id": "CVE-2022-26507" }, { "date": "2022-04-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-3389" }, { "date": "2022-04-23T02:21:00", "db": "NVD", "id": "CVE-2022-26507" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-3389" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "AT\u0026T Labs Xmill Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-3389" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-3389" } ], "trust": 0.6 } }
var-202109-1974
Vulnerability from variot
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of STU and STA files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "ecostruxure control expert", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "15.1" }, { "_id": null, "model": "ecostruxure process expert", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "2021" }, { "_id": null, "model": "remoteconnect", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "_id": null, "model": "ecostruxure process expert", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "_id": null, "model": "ecostruxure control expert", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "_id": null, "model": "scadapack remoteconnect for x70", "scope": "eq", "trust": 0.8, "vendor": "schneider electric", "version": "all s" }, { "_id": null, "model": "ecostruxure control expert classic", "scope": null, "trust": 0.7, "vendor": "schneider electric", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-1102" }, { "db": "JVNDB", "id": "JVNDB-2021-002515" }, { "db": "NVD", "id": "CVE-2021-22797" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2021", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:schneider-electric:remoteconnect:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_470:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_474:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_570:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_574:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_575:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:schneider-electric:remoteconnect:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_470:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_474:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_570:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_574:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:scadapack_575:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22797" } ] }, "credits": { "_id": null, "data": "kimiya", "sources": [ { "db": "ZDI", "id": "ZDI-21-1102" } ], "trust": 0.7 }, "cve": "CVE-2021-22797", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2021-22797", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-22797", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-002515", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-22797", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-22797", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2021-002515", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2021-22797", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202109-1469", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-1102" }, { "db": "JVNDB", "id": "JVNDB-2021-002515" }, { "db": "CNNVD", "id": "CNNVD-202109-1469" }, { "db": "NVD", "id": "CVE-2021-22797" } ] }, "description": { "_id": null, "data": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of STU and STA files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user", "sources": [ { "db": "NVD", "id": "CVE-2021-22797" }, { "db": "JVNDB", "id": "JVNDB-2021-002515" }, { "db": "ZDI", "id": "ZDI-21-1102" }, { "db": "VULMON", "id": "CVE-2021-22797" } ], "trust": 2.34 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-22797", "trust": 3.2 }, { "db": "SCHNEIDER", "id": "SEVD-2021-257-01", "trust": 1.6 }, { "db": "ZDI", "id": "ZDI-21-1102", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU98742301", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-21-259-02", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-002515", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13461", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202109-1469", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-22797", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-1102" }, { "db": "VULMON", "id": "CVE-2021-22797" }, { "db": "JVNDB", "id": "JVNDB-2021-002515" }, { "db": "CNNVD", "id": "CNNVD-202109-1469" }, { "db": "NVD", "id": "CVE-2021-22797" } ] }, "id": "VAR-202109-1974", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.7375 }, "last_update_date": "2022-05-04T08:16:26.089000Z", "patch": { "_id": null, "data": [ { "title": "EcoStruxureTM\u00a0Control\u00a0Expert,\u00a0EcoStruxureTM\u00a0Process\u00a0Expert,\u00a0SCADAPack\u00a0RemoteConnect?\u00a0for\u00a0x70", "trust": 0.8, "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-257-01" }, { "title": "Schneider Electric has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-259-02" }, { "title": "Schneider Electric EcoStruxure Control Expert Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=163280" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-1102" }, { "db": "JVNDB", "id": "JVNDB-2021-002515" }, { "db": "CNNVD", "id": "CNNVD-202109-1469" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-22", "trust": 1.0 }, { "problemtype": "Path traversal (CWE-22) [ Other ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002515" }, { "db": "NVD", "id": "CVE-2021-22797" } ] }, "references": { "_id": null, "data": [ { "trust": 1.6, "url": "https://www.se.com/ww/en/download/document/sevd-2021-257-01/" }, { "trust": 1.5, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-259-02" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu98742301/index.html" }, { "trust": 0.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-1102/" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-22797/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-1102" }, { "db": "VULMON", "id": "CVE-2021-22797" }, { "db": "JVNDB", "id": "JVNDB-2021-002515" }, { "db": "CNNVD", "id": "CNNVD-202109-1469" }, { "db": "NVD", "id": "CVE-2021-22797" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-1102", "ident": null }, { "db": "VULMON", "id": "CVE-2021-22797", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2021-002515", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202109-1469", "ident": null }, { "db": "NVD", "id": "CVE-2021-22797", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-09-20T00:00:00", "db": "ZDI", "id": "ZDI-21-1102", "ident": null }, { "date": "2021-09-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002515", "ident": null }, { "date": "2021-09-20T00:00:00", "db": "CNNVD", "id": "CNNVD-202109-1469", "ident": null }, { "date": "2022-04-13T16:15:00", "db": "NVD", "id": "CVE-2021-22797", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-09-20T00:00:00", "db": "ZDI", "id": "ZDI-21-1102", "ident": null }, { "date": "2021-09-22T06:36:00", "db": "JVNDB", "id": "JVNDB-2021-002515", "ident": null }, { "date": "2022-04-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202109-1469", "ident": null }, { "date": "2022-04-23T02:12:00", "db": "NVD", "id": "CVE-2021-22797", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-1469" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Schneider\u00a0Electric\u00a0 Made \u00a0EcoStruxure\u00a0 and \u00a0SCADAPack\u00a0 Directory traversal vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002515" } ], "trust": 0.8 }, "type": { "_id": null, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-1469" } ], "trust": 0.6 } }
var-202203-0230
Vulnerability from variot
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0230", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ecostruxure control expert", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "15.0" }, { "model": "ecostruxure process expert", "scope": "lte", "trust": 1.0, "vendor": "schneider electric", "version": "2021" }, { "model": "ecostruxure control expert", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "15.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2022-24323" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2021", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-24323" } ] }, "cve": "CVE-2022-24323", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2022-24323", "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "id": "CVE-2022-24323", "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-24323", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202203-829", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-829" }, { "db": "NVD", "id": "CVE-2022-24323" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior)", "sources": [ { "db": "NVD", "id": "CVE-2022-24323" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-24323", "trust": 1.6 }, { "db": "SCHNEIDER", "id": "SEVD-2022-067-01", "trust": 1.6 }, { "db": "CNNVD", "id": "CNNVD-202203-829", "trust": 0.6 } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-829" }, { "db": "NVD", "id": "CVE-2022-24323" } ] }, "id": "VAR-202203-0230", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.7375 }, "last_update_date": "2022-05-04T09:37:30.871000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Schneider Electric EcoStruxure Control Expert and Schneider Electric EcoStruxure Process Exper Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=185691" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-829" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-754", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-24323" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-067-01" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-24323/" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-829" }, { "db": "NVD", "id": "CVE-2022-24323" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNNVD", "id": "CNNVD-202203-829" }, { "db": "NVD", "id": "CVE-2022-24323" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-829" }, { "date": "2022-03-09T23:15:00", "db": "NVD", "id": "CVE-2022-24323" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-829" }, { "date": "2022-03-12T02:39:00", "db": "NVD", "id": "CVE-2022-24323" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-829" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Schneider Electric EcoStruxure Control Expert and Schneider Electric EcoStruxure Process Exper Code problem vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-829" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-829" } ], "trust": 0.6 } }
var-202209-0597
Vulnerability from variot
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP and BMEH*) (V3.20 and prior).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202209-0597", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "modicon m580 bmep582020", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m340 bmxp3420302", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.50" }, { "model": "modicon m580 bmep585040c", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m580 bmep581020h", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m340 bmxp342000", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.50" }, { "model": "modicon m580 bmep584020", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m580 bmeh582040s", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m580 bmep583020", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m580 bmep582040h", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m580 bmep584040s", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m340 bmxp342020h", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.50" }, { "model": "modicon m580 bmeh582040c", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m580 bmep581020", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m580 bmep582040", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m580 bmeh584040", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m340 bmxp3420102", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.50" }, { "model": "modicon m580 bmeh584040c", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m580 bmep582020h", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m580 bmep586040", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m340 bmxp342030", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.50" }, { "model": "modicon m580 bmep586040c", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "ecostruxure process expert", "scope": "lte", "trust": 1.0, "vendor": "schneider electric", "version": "2021" }, { "model": "modicon m340 bmxp342020", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.50" }, { "model": "modicon m580 bmeh584040s", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m580 bmeh586040", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m580 bmep584040", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m580 bmep585040", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m580 bmep583040", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m580 bmeh586040s", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "ecostruxure control expert", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "15.1" }, { "model": "modicon m340 bmxp3420302h", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.50" }, { "model": "modicon m580 bmeh582040", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m580 bmeh586040c", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "4.02" }, { "model": "modicon m340 bmxp342010", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.50" }, { "model": "modicon m340 bmxp342030h", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.50" }, { "model": "modicon m340 bmxp341000", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.50" } ], "sources": [ { "db": "NVD", "id": "CVE-2022-37300" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2021", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.50", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-37300" } ] }, "cve": "CVE-2022-37300", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-37300", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-37300", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202209-725", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-725" }, { "db": "NVD", "id": "CVE-2022-37300" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).", "sources": [ { "db": "NVD", "id": "CVE-2022-37300" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-37300", "trust": 1.6 }, { "db": "SCHNEIDER", "id": "SEVD-2022-221-01", "trust": 1.6 }, { "db": "CNNVD", "id": "CNNVD-202209-725", "trust": 0.6 } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-725" }, { "db": "NVD", "id": "CVE-2022-37300" } ] }, "id": "VAR-202209-0597", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.26339286 }, "last_update_date": "2022-09-16T22:28:54.978000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Multiple Schneider Electric Product Authorization Issue Vulnerability Fixing Measures", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=207862" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-725" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-640", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-37300" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.se.com/us/en/download/document/sevd-2022-221-01/" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-37300/" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-725" }, { "db": "NVD", "id": "CVE-2022-37300" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNNVD", "id": "CNNVD-202209-725" }, { "db": "NVD", "id": "CVE-2022-37300" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-725" }, { "date": "2022-09-12T18:15:00", "db": "NVD", "id": "CVE-2022-37300" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-725" }, { "date": "2022-09-15T17:30:00", "db": "NVD", "id": "CVE-2022-37300" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-725" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple Schneider Electric Product Authorization Issue Vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-725" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-725" } ], "trust": 0.6 } }
var-202301-1957
Vulnerability from variot
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34 (All Versions), Modicon M580 CPU - part numbers BMEP and BMEH (All Versions), Modicon M580 CPU Safety - part numbers BMEP58S and BMEH58S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65 and Premium CPUs - TSXP57 (All Versions)
. Schneider Electric Provided by EcoStruxure Products , Modicon PLCs and Programmable Automation Controllers The following vulnerabilities exist in. It was * Inadequate checks for exceptional circumstances (CWE-754) - CVE-2022-45788If the vulnerability is exploited, it may be affected as follows. (( DoS ) be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202301-1957", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "modicon m580 bmeh582040", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon premium tsxp57 2634m", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon premium tsxp57 1634m", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "ecostruxure process expert", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "2021" }, { "model": "modicon m340 bmxp342020h", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon quantum 140cpu65160c", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m340 bmxp3420302h", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep582020", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmeh586040c", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep581020h", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep582040", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon momentum 171cbu78090", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon premium tsxp57 4634m", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m340 bmxp3420302", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon premium tsxp57 554m", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon mc80 bmkc8030311", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon premium tsxp57 6634m", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep584040s", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m340 bmxp341000", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmeh584040s", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon quantum 140cpu65160", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m340 bmxp342000", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m340 bmxp3420102", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep583020", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep585040", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon premium tsxp57 2834m", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon mc80 bmkc8020301", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon premium tsxp57 5634m", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmeh584040c", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmeh582040s", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "ecostruxure control expert", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m340 bmxp342010", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmeh584040", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon premium tsxp57 454m", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmeh586040s", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmeh586040", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep582020h", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep582040s", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep586040", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m340 bmxp342020", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmeh582040c", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon momentum 171cbu98091", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m340 bmxp342030h", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep584040", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep586040c", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon mc80 bmkc8020310", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon quantum 140cpu65150", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep581020", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m340 bmxp342030", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep584020", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep583040", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep582040h", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep585040c", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon quantum 140cpu65150c", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "modicon momentum 171cbu98090", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": null }, { "model": "ecostruxure control expert", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon mc80", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 cpu", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon m340 cpu", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "legacy modicon quantum", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon momentum unity m1e processor", "scope": "lt", "trust": 0.8, "vendor": "schneider electric", "version": "(( 171cbu* ) sv2.6 earlier" }, { "model": "modicon m580 cpu safety", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "ecostruxure process expert", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-002628" }, { "db": "NVD", "id": "CVE-2022-45788" } ] }, "cve": "CVE-2022-45788", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-45788", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "cybersecurity@se.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "id": "CVE-2022-45788", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-45788", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-45788", "trust": 1.0, "value": "CRITICAL" }, { "author": "cybersecurity@se.com", "id": "CVE-2022-45788", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-45788", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-202301-2355", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-002628" }, { "db": "CNNVD", "id": "CNNVD-202301-2355" }, { "db": "NVD", "id": "CVE-2022-45788" }, { "db": "NVD", "id": "CVE-2022-45788" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality \u0026 integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)\n\n. Schneider Electric Provided by EcoStruxure Products , Modicon PLCs and Programmable Automation Controllers The following vulnerabilities exist in. It was * Inadequate checks for exceptional circumstances (CWE-754) - CVE-2022-45788If the vulnerability is exploited, it may be affected as follows. (( DoS ) be put into a state", "sources": [ { "db": "NVD", "id": "CVE-2022-45788" }, { "db": "JVNDB", "id": "JVNDB-2023-002628" }, { "db": "VULMON", "id": "CVE-2022-45788" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-45788", "trust": 3.3 }, { "db": "SCHNEIDER", "id": "SEVD-2023-010-05", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-23-201-01", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU93366178", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-002628", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2023.4136", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202301-2355", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-45788", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-45788" }, { "db": "JVNDB", "id": "JVNDB-2023-002628" }, { "db": "CNNVD", "id": "CNNVD-202301-2355" }, { "db": "NVD", "id": "CVE-2022-45788" } ] }, "id": "VAR-202301-1957", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.7 }, "last_update_date": "2024-08-14T13:21:12.392000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Schneider\u00a0Electric\u00a0Security\u00a0Notification\u00a0EcoStruxure\u00a0Control\u00a0Expert,\u00a0EcoStruxure\u00a0Process\u00a0Expert\u00a0and\u00a0Modicon\u00a0PLCs\u00a0and\u00a0PACs (( PDF ) Schneider\u00a0Electric", "trust": 0.8, "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf" }, { "title": "Schneider Electric EcoStruxure Control Expert Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=224340" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-002628" }, { "db": "CNNVD", "id": "CNNVD-202301-2355" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-754", "trust": 1.0 }, { "problemtype": "Improper checking in exceptional conditions (CWE-754) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-002628" }, { "db": "NVD", "id": "CVE-2022-45788" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-010-05\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2023-010-05_modicon_controllers_security_notification.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93366178/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-45788" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-201-01" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-45788/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.4136" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/754.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-45788" }, { "db": "JVNDB", "id": "JVNDB-2023-002628" }, { "db": "CNNVD", "id": "CNNVD-202301-2355" }, { "db": "NVD", "id": "CVE-2022-45788" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-45788" }, { "db": "JVNDB", "id": "JVNDB-2023-002628" }, { "db": "CNNVD", "id": "CNNVD-202301-2355" }, { "db": "NVD", "id": "CVE-2022-45788" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-30T00:00:00", "db": "VULMON", "id": "CVE-2022-45788" }, { "date": "2023-07-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-002628" }, { "date": "2023-01-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202301-2355" }, { "date": "2023-01-30T13:15:09.310000", "db": "NVD", "id": "CVE-2022-45788" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-03T00:00:00", "db": "VULMON", "id": "CVE-2022-45788" }, { "date": "2024-06-17T07:52:00", "db": "JVNDB", "id": "JVNDB-2023-002628" }, { "date": "2023-07-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202301-2355" }, { "date": "2023-08-09T14:15:09.497000", "db": "NVD", "id": "CVE-2022-45788" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202301-2355" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Schneider\u00a0Electric\u00a0 Made \u00a0EcoStruxure\u00a0Products\u00a0 , Modicon\u00a0PLCs\u00a0 and \u00a0Programmable\u00a0Automation\u00a0Controllers\u00a0 Inadequately Checked Vulnerability to Exceptional Circumstances in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-002628" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202301-2355" } ], "trust": 0.6 } }
var-202107-0330
Vulnerability from variot
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. An attacker may bypass the password protection and be able to view and modify a project file. EcoStruxure Control Expert , EcoStruxure Process Expert , SCADAPack RemoteConnect Exists in an inadequate protection of credentials.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0330", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "remoteconnect", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "ecostruxure control expert", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "15.0" }, { "model": "ecostruxure process expert", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "ecostruxure control expert", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "15.0" }, { "model": "ecostruxure control expert", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "ecostruxure process expert", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "remoteconnect", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009772" }, { "db": "NVD", "id": "CVE-2021-22780" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:remoteconnect:*:*:*:*:*:*:scadapack_x70:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22780" } ] }, "cve": "CVE-2021-22780", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2021-22780", "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.9, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-22780", "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-22780", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-22780", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-1023", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-22780", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22780" }, { "db": "JVNDB", "id": "JVNDB-2021-009772" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1023" }, { "db": "NVD", "id": "CVE-2021-22780" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. An attacker may bypass the password protection and be able to view and modify a project file. EcoStruxure Control Expert , EcoStruxure Process Expert , SCADAPack RemoteConnect Exists in an inadequate protection of credentials.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-22780" }, { "db": "JVNDB", "id": "JVNDB-2021-009772" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-22780" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-22780", "trust": 3.3 }, { "db": "SCHNEIDER", "id": "SEVD-2021-194-01", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU97215148", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-009772", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071414", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2406", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-1023", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-22780", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22780" }, { "db": "JVNDB", "id": "JVNDB-2021-009772" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1023" }, { "db": "NVD", "id": "CVE-2021-22780" } ] }, "id": "VAR-202107-0330", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.7375 }, "last_update_date": "2022-05-21T20:57:03.209000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SEVD-2021-194-01", "trust": 0.8, "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-01" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009772" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-522", "trust": 1.0 }, { "problemtype": "Inadequate protection of credentials (CWE-522) [ Other ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009772" }, { "db": "NVD", "id": "CVE-2021-22780" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-01" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97215148/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22780" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071414" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2406" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/522.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22780" }, { "db": "JVNDB", "id": "JVNDB-2021-009772" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1023" }, { "db": "NVD", "id": "CVE-2021-22780" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-22780" }, { "db": "JVNDB", "id": "JVNDB-2021-009772" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1023" }, { "db": "NVD", "id": "CVE-2021-22780" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-14T00:00:00", "db": "VULMON", "id": "CVE-2021-22780" }, { "date": "2022-05-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009772" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-1023" }, { "date": "2021-07-14T15:15:00", "db": "NVD", "id": "CVE-2021-22780" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-26T00:00:00", "db": "VULMON", "id": "CVE-2021-22780" }, { "date": "2022-05-19T08:45:00", "db": "JVNDB", "id": "JVNDB-2021-009772" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-08-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-1023" }, { "date": "2021-07-26T13:58:00", "db": "NVD", "id": "CVE-2021-22780" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-1023" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Schneider\u00a0Electric\u00a0 Inadequate protection of credentials in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009772" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1023" } ], "trust": 1.2 } }
var-202107-0331
Vulnerability from variot
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file. EcoStruxure Control Expert , EcoStruxure Process Expert , SCADAPack RemoteConnect Exists in an inadequate protection of credentials.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0331", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "remoteconnect", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "ecostruxure control expert", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "15.0" }, { "model": "ecostruxure process expert", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "ecostruxure control expert", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "15.0" }, { "model": "ecostruxure control expert", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "ecostruxure process expert", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "remoteconnect", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009771" }, { "db": "NVD", "id": "CVE-2021-22781" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:remoteconnect:*:*:*:*:*:*:scadapack_x70:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22781" } ] }, "cve": "CVE-2021-22781", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2021-22781", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.9, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-22781", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-22781", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-22781", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-1022", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-22781", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22781" }, { "db": "JVNDB", "id": "JVNDB-2021-009771" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1022" }, { "db": "NVD", "id": "CVE-2021-22781" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file. EcoStruxure Control Expert , EcoStruxure Process Expert , SCADAPack RemoteConnect Exists in an inadequate protection of credentials.Information may be obtained. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-22781" }, { "db": "JVNDB", "id": "JVNDB-2021-009771" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-22781" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-22781", "trust": 3.3 }, { "db": "SCHNEIDER", "id": "SEVD-2021-194-01", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU97215148", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-009771", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071414", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2406", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-1022", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-22781", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22781" }, { "db": "JVNDB", "id": "JVNDB-2021-009771" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1022" }, { "db": "NVD", "id": "CVE-2021-22781" } ] }, "id": "VAR-202107-0331", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.7375 }, "last_update_date": "2022-05-21T19:39:01.814000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SEVD-2021-194-01", "trust": 0.8, "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-01" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009771" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-522", "trust": 1.0 }, { "problemtype": "Inadequate protection of credentials (CWE-522) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009771" }, { "db": "NVD", "id": "CVE-2021-22781" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-01" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97215148/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22781" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071414" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2406" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/522.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22781" }, { "db": "JVNDB", "id": "JVNDB-2021-009771" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1022" }, { "db": "NVD", "id": "CVE-2021-22781" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-22781" }, { "db": "JVNDB", "id": "JVNDB-2021-009771" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1022" }, { "db": "NVD", "id": "CVE-2021-22781" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-14T00:00:00", "db": "VULMON", "id": "CVE-2021-22781" }, { "date": "2022-05-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009771" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-1022" }, { "date": "2021-07-14T15:15:00", "db": "NVD", "id": "CVE-2021-22781" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-26T00:00:00", "db": "VULMON", "id": "CVE-2021-22781" }, { "date": "2022-05-19T08:42:00", "db": "JVNDB", "id": "JVNDB-2021-009771" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-08-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-1022" }, { "date": "2021-07-26T13:48:00", "db": "NVD", "id": "CVE-2021-22781" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-1022" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Schneider\u00a0Electric\u00a0 Inadequate protection of credentials in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009771" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1022" } ], "trust": 1.2 } }
var-202107-0332
Vulnerability from variot
Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file. EcoStruxure Control Expert , EcoStruxure Process Expert , SCADAPack RemoteConnect There is a vulnerability in the lack of encryption of critical data.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0332", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "remoteconnect", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "ecostruxure control expert", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "15.0" }, { "model": "ecostruxure process expert", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "ecostruxure control expert", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "15.0" }, { "model": "ecostruxure control expert", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "ecostruxure process expert", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "remoteconnect", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009770" }, { "db": "NVD", "id": "CVE-2021-22782" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:remoteconnect:*:*:*:*:*:*:scadapack_x70:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22782" } ] }, "cve": "CVE-2021-22782", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2021-22782", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.9, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-22782", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-22782", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-22782", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-1021", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-22782", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22782" }, { "db": "JVNDB", "id": "JVNDB-2021-009770" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1021" }, { "db": "NVD", "id": "CVE-2021-22782" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file. EcoStruxure Control Expert , EcoStruxure Process Expert , SCADAPack RemoteConnect There is a vulnerability in the lack of encryption of critical data.Information may be obtained. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-22782" }, { "db": "JVNDB", "id": "JVNDB-2021-009770" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-22782" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-22782", "trust": 3.3 }, { "db": "SCHNEIDER", "id": "SEVD-2021-194-01", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU97215148", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-009770", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071414", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2406", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-1021", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-22782", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22782" }, { "db": "JVNDB", "id": "JVNDB-2021-009770" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1021" }, { "db": "NVD", "id": "CVE-2021-22782" } ] }, "id": "VAR-202107-0332", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.7375 }, "last_update_date": "2022-05-21T20:11:57.019000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SEVD-2021-194-01", "trust": 0.8, "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-01" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009770" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-311", "trust": 1.0 }, { "problemtype": "Lack of encryption of critical data (CWE-311) [ Other ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009770" }, { "db": "NVD", "id": "CVE-2021-22782" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-01" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97215148/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22782" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071414" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2406" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/311.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22782" }, { "db": "JVNDB", "id": "JVNDB-2021-009770" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1021" }, { "db": "NVD", "id": "CVE-2021-22782" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-22782" }, { "db": "JVNDB", "id": "JVNDB-2021-009770" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1021" }, { "db": "NVD", "id": "CVE-2021-22782" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-14T00:00:00", "db": "VULMON", "id": "CVE-2021-22782" }, { "date": "2022-05-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009770" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-1021" }, { "date": "2021-07-14T15:15:00", "db": "NVD", "id": "CVE-2021-22782" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-26T00:00:00", "db": "VULMON", "id": "CVE-2021-22782" }, { "date": "2022-05-19T08:37:00", "db": "JVNDB", "id": "JVNDB-2021-009770" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-08-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-1021" }, { "date": "2021-07-26T13:41:00", "db": "NVD", "id": "CVE-2021-22782" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-1021" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Schneider\u00a0Electric\u00a0 Vulnerability in lack of encryption of critical data in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009770" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1021" } ], "trust": 1.2 } }
var-202107-0328
Vulnerability from variot
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file. EcoStruxure Control Expert , EcoStruxure Process Expert , SCADAPack RemoteConnect Exists in an inadequate protection of credentials.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0328", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "remoteconnect", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "ecostruxure control expert", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "15.0" }, { "model": "ecostruxure process expert", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "ecostruxure control expert", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "15.0" }, { "model": "ecostruxure control expert", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "ecostruxure process expert", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "remoteconnect", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009774" }, { "db": "NVD", "id": "CVE-2021-22778" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:remoteconnect:*:*:*:*:*:*:scadapack_x70:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22778" } ] }, "cve": "CVE-2021-22778", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2021-22778", "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.9, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-22778", "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-22778", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-22778", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-1033", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-22778", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22778" }, { "db": "JVNDB", "id": "JVNDB-2021-009774" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1033" }, { "db": "NVD", "id": "CVE-2021-22778" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file. EcoStruxure Control Expert , EcoStruxure Process Expert , SCADAPack RemoteConnect Exists in an inadequate protection of credentials.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-22778" }, { "db": "JVNDB", "id": "JVNDB-2021-009774" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-22778" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-22778", "trust": 3.3 }, { "db": "SCHNEIDER", "id": "SEVD-2021-194-01", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU97215148", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-009774", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071414", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2406", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-1033", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-22778", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22778" }, { "db": "JVNDB", "id": "JVNDB-2021-009774" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1033" }, { "db": "NVD", "id": "CVE-2021-22778" } ] }, "id": "VAR-202107-0328", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.7375 }, "last_update_date": "2022-05-21T21:14:30.224000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SEVD-2021-194-01", "trust": 0.8, "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-01" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009774" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-522", "trust": 1.0 }, { "problemtype": "Inadequate protection of credentials (CWE-522) [ Other ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009774" }, { "db": "NVD", "id": "CVE-2021-22778" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-01" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97215148/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22778" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071414" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2406" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/522.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22778" }, { "db": "JVNDB", "id": "JVNDB-2021-009774" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1033" }, { "db": "NVD", "id": "CVE-2021-22778" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-22778" }, { "db": "JVNDB", "id": "JVNDB-2021-009774" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1033" }, { "db": "NVD", "id": "CVE-2021-22778" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-14T00:00:00", "db": "VULMON", "id": "CVE-2021-22778" }, { "date": "2022-05-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009774" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-1033" }, { "date": "2021-07-14T15:15:00", "db": "NVD", "id": "CVE-2021-22778" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-26T00:00:00", "db": "VULMON", "id": "CVE-2021-22778" }, { "date": "2022-05-19T08:53:00", "db": "JVNDB", "id": "JVNDB-2021-009774" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-08-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-1033" }, { "date": "2021-07-26T12:59:00", "db": "NVD", "id": "CVE-2021-22778" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-1033" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Schneider\u00a0Electric\u00a0 Inadequate protection of credentials in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009774" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1033" } ], "trust": 1.2 } }
var-202107-0329
Vulnerability from variot
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP and BMEH), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller. plural Schneider Electric The product contains a vulnerability in spoofing authentication bypass.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0329", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "remoteconnect", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmep584040", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmep586040", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m340 bmxp342010", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmep586040c", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "ecostruxure control expert", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "15.0" }, { "model": "modicon m580 bmep581020h", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmep582020", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m340 bmxp342020", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmeh584040s", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmeh582040s", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmep583040", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmeh584040c", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m340 bmxp342030", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmep582040h", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmep583020", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "ecostruxure control expert", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "15.0" }, { "model": "ecostruxure process expert", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmeh582040", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmep582040", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmeh586040c", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmeh584040", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmeh586040s", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmep581020", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmep584020", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmeh586040", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmep582040s", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmep585040", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmep585040c", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmeh582040c", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmep584040s", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m340 bmxp341000", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmep582020h", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmep582040h", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep582020h", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep582020", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "remoteconnect", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep582040s", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep582040", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "ecostruxure process expert", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep581020h", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "ecostruxure control expert", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon m580 bmep581020", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009773" }, { "db": "NVD", "id": "CVE-2021-22779" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:schneider-electric:remoteconnect:*:*:*:*:*:*:scadapack_x70:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22779" } ] }, "cve": "CVE-2021-22779", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-22779", "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.9, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-22779", "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 9.1, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-22779", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-22779", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-1031", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2021-22779", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22779" }, { "db": "JVNDB", "id": "JVNDB-2021-009773" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1031" }, { "db": "NVD", "id": "CVE-2021-22779" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller. plural Schneider Electric The product contains a vulnerability in spoofing authentication bypass.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-22779" }, { "db": "JVNDB", "id": "JVNDB-2021-009773" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-22779" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-22779", "trust": 3.3 }, { "db": "SCHNEIDER", "id": "SEVD-2021-194-01", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU97215148", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-009773", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071415", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2406", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-1031", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-22779", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22779" }, { "db": "JVNDB", "id": "JVNDB-2021-009773" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1031" }, { "db": "NVD", "id": "CVE-2021-22779" } ] }, "id": "VAR-202107-0329", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4214285733333334 }, "last_update_date": "2022-05-21T20:53:59.998000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SEVD-2021-194-01", "trust": 0.8, "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-01" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009773" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-290", "trust": 1.0 }, { "problemtype": "Avoid authentication by spoofing (CWE-290) [ Other ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009773" }, { "db": "NVD", "id": "CVE-2021-22779" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-01" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97215148/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22779" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071415" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2406" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/290.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22779" }, { "db": "JVNDB", "id": "JVNDB-2021-009773" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1031" }, { "db": "NVD", "id": "CVE-2021-22779" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-22779" }, { "db": "JVNDB", "id": "JVNDB-2021-009773" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1031" }, { "db": "NVD", "id": "CVE-2021-22779" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-14T00:00:00", "db": "VULMON", "id": "CVE-2021-22779" }, { "date": "2022-05-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009773" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-1031" }, { "date": "2021-07-14T15:15:00", "db": "NVD", "id": "CVE-2021-22779" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-26T00:00:00", "db": "VULMON", "id": "CVE-2021-22779" }, { "date": "2022-05-19T08:51:00", "db": "JVNDB", "id": "JVNDB-2021-009773" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-08-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-1031" }, { "date": "2021-07-26T17:20:00", "db": "NVD", "id": "CVE-2021-22779" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-1031" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Schneider\u00a0Electric\u00a0 Product spoofing authentication evasion vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009773" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1031" } ], "trust": 1.2 } }