Vulnerabilites related to Schneider Electric - Modicon M340 CPU
cve-2022-37300
Vulnerability from cvelistv5
Published
2022-09-12 17:40
Modified
2024-08-03 10:29
Severity ?
EPSS score ?
Summary
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.se.com/us/en/download/document/SEVD-2022-221-01/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Schneider Electric | EcoStruxure Control Expert |
Version: SP1 < |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:20.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Control Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "15.0",
"status": "affected",
"version": "SP1",
"versionType": "custom"
}
]
},
{
"product": "EcoStruxure Process Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "2021",
"status": "affected",
"version": "V",
"versionType": "custom"
}
]
},
{
"product": "Modicon M340 CPU",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "3.40",
"status": "affected",
"version": "BMXP34",
"versionType": "custom"
}
]
},
{
"product": "Modicon M580 CPU",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "3.20",
"status": "affected",
"version": "BMEP",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.20",
"status": "affected",
"version": "BMEH",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-12T17:40:10",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2022-37300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure Control Expert",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "SP1",
"version_value": "15.0"
}
]
}
},
{
"product_name": "EcoStruxure Process Expert",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "V",
"version_value": "2021"
}
]
}
},
{
"product_name": "Modicon M340 CPU",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "BMXP34",
"version_value": "3.40"
}
]
}
},
{
"product_name": "Modicon M580 CPU",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "BMEP",
"version_value": "3.20"
},
{
"version_affected": "\u003c=",
"version_name": "BMEH",
"version_value": "3.20"
}
]
}
}
]
},
"vendor_name": "Schneider Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/",
"refsource": "MISC",
"url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-37300",
"datePublished": "2022-09-12T17:40:10",
"dateReserved": "2022-08-01T00:00:00",
"dateUpdated": "2024-08-03T10:29:20.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202301-1957
Vulnerability from variot
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34 (All Versions), Modicon M580 CPU - part numbers BMEP and BMEH (All Versions), Modicon M580 CPU Safety - part numbers BMEP58S and BMEH58S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65 and Premium CPUs - TSXP57 (All Versions)
. Schneider Electric Provided by EcoStruxure Products , Modicon PLCs and Programmable Automation Controllers The following vulnerabilities exist in. It was * Inadequate checks for exceptional circumstances (CWE-754) - CVE-2022-45788If the vulnerability is exploited, it may be affected as follows. (( DoS ) be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1957",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m580 bmeh582040",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium tsxp57 2634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium tsxp57 1634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure process expert",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2021"
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum 140cpu65160c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmep582020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmeh586040c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmep581020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmep582040",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon momentum 171cbu78090",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium tsxp57 4634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium tsxp57 554m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon mc80 bmkc8030311",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium tsxp57 6634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmep584040s",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmeh584040s",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum 140cpu65160",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmep583020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmep585040",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium tsxp57 2834m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon mc80 bmkc8020301",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium tsxp57 5634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmeh584040c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmeh582040s",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure control expert",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340 bmxp342010",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmeh584040",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium tsxp57 454m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmeh586040s",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmeh586040",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmep582020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmep582040s",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmep586040",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmeh582040c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon momentum 171cbu98091",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmep584040",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmep586040c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon mc80 bmkc8020310",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum 140cpu65150",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmep581020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmep584020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmep583040",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmep582040h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmep585040c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum 140cpu65150c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon momentum 171cbu98090",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure control expert",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon mc80",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 cpu",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 cpu",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "legacy modicon quantum",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon momentum unity m1e processor",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "(( 171cbu* ) sv2.6 earlier"
},
{
"model": "modicon m580 cpu safety",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ecostruxure process expert",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002628"
},
{
"db": "NVD",
"id": "CVE-2022-45788"
}
]
},
"cve": "CVE-2022-45788",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-45788",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "cybersecurity@se.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2022-45788",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-45788",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-45788",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cybersecurity@se.com",
"id": "CVE-2022-45788",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-45788",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-2355",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002628"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2355"
},
{
"db": "NVD",
"id": "CVE-2022-45788"
},
{
"db": "NVD",
"id": "CVE-2022-45788"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality \u0026 integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)\n\n. Schneider Electric Provided by EcoStruxure Products , Modicon PLCs and Programmable Automation Controllers The following vulnerabilities exist in. It was * Inadequate checks for exceptional circumstances (CWE-754) - CVE-2022-45788If the vulnerability is exploited, it may be affected as follows. (( DoS ) be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45788"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002628"
},
{
"db": "VULMON",
"id": "CVE-2022-45788"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-45788",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2023-010-05",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-23-201-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU93366178",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002628",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.4136",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2355",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-45788",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-45788"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002628"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2355"
},
{
"db": "NVD",
"id": "CVE-2022-45788"
}
]
},
"id": "VAR-202301-1957",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.7
},
"last_update_date": "2024-08-14T13:21:12.392000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Schneider\u00a0Electric\u00a0Security\u00a0Notification\u00a0EcoStruxure\u00a0Control\u00a0Expert,\u00a0EcoStruxure\u00a0Process\u00a0Expert\u00a0and\u00a0Modicon\u00a0PLCs\u00a0and\u00a0PACs (( PDF ) Schneider\u00a0Electric",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
},
{
"title": "Schneider Electric EcoStruxure Control Expert Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=224340"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002628"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2355"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-754",
"trust": 1.0
},
{
"problemtype": "Improper checking in exceptional conditions (CWE-754) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002628"
},
{
"db": "NVD",
"id": "CVE-2022-45788"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-010-05\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2023-010-05_modicon_controllers_security_notification.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93366178/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-45788"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-201-01"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-45788/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.4136"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/754.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-45788"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002628"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2355"
},
{
"db": "NVD",
"id": "CVE-2022-45788"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-45788"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002628"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2355"
},
{
"db": "NVD",
"id": "CVE-2022-45788"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-45788"
},
{
"date": "2023-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002628"
},
{
"date": "2023-01-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-2355"
},
{
"date": "2023-01-30T13:15:09.310000",
"db": "NVD",
"id": "CVE-2022-45788"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2022-45788"
},
{
"date": "2024-06-17T07:52:00",
"db": "JVNDB",
"id": "JVNDB-2023-002628"
},
{
"date": "2023-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-2355"
},
{
"date": "2023-08-09T14:15:09.497000",
"db": "NVD",
"id": "CVE-2022-45788"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-2355"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider\u00a0Electric\u00a0 Made \u00a0EcoStruxure\u00a0Products\u00a0 , Modicon\u00a0PLCs\u00a0 and \u00a0Programmable\u00a0Automation\u00a0Controllers\u00a0 Inadequately Checked Vulnerability to Exceptional Circumstances in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002628"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-2355"
}
],
"trust": 0.6
}
}