Lucene search
HistoryJan 30, 2023 - 1:15 p.m.
CVE-2022-45788
cve-2022-45788
cwe-754
ecostruxure control expert
ecostruxure process expert
modicon cpus
arbitrary code execution
denial of service
confidentiality loss
integrity loss
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
55.0%
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58S and BMEH58S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)
Affected configurations
Node
schneider-electricecostruxure_control_expert
ORschneider-electricecostruxure_process_expertRange<2021
Node
schneider-electricmodicon_m340_bmxp341000Match-
schneider-electricmodicon_m340_bmxp341000_firmwareMatch-
Node
schneider-electricmodicon_m340_bmxp342000Match-
schneider-electricmodicon_m340_bmxp342000_firmwareMatch-
Node
schneider-electricmodicon_m340_bmxp342010Match-
schneider-electricmodicon_m340_bmxp342010_firmwareMatch-
Node
schneider-electricmodicon_m340_bmxp3420102Match-
schneider-electricmodicon_m340_bmxp3420102_firmwareMatch-
Node
schneider-electricmodicon_m340_bmxp342020Match-
schneider-electricmodicon_m340_bmxp342020_firmwareMatch-
Node
schneider-electricmodicon_m340_bmxp342020hMatch-
schneider-electricmodicon_m340_bmxp342020h_firmwareMatch-
Node
schneider-electricmodicon_m340_bmxp342030Match-
schneider-electricmodicon_m340_bmxp342030_firmwareMatch-
Node
schneider-electricmodicon_m340_bmxp3420302Match-
schneider-electricmodicon_m340_bmxp3420302_firmwareMatch-
Node
schneider-electricmodicon_m340_bmxp3420302h_firmwareMatch-
schneider-electricmodicon_m340_bmxp3420302hMatch-
Node
schneider-electricmodicon_m340_bmxp342030h_firmwareMatch-
schneider-electricmodicon_m340_bmxp342030hMatch-
Node
schneider-electricmodicon_m580_bmeh582040_firmwareMatch-
schneider-electricmodicon_m580_bmeh582040Match-
Node
schneider-electricmodicon_m580_bmeh582040c_firmwareMatch-
schneider-electricmodicon_m580_bmeh582040cMatch-
Node
schneider-electricmodicon_m580_bmeh582040s_firmwareMatch-
schneider-electricmodicon_m580_bmeh582040sMatch-
Node
schneider-electricmodicon_m580_bmeh584040_firmwareMatch-
schneider-electricmodicon_m580_bmeh584040Match-
Node
schneider-electricmodicon_m580_bmeh584040c_firmwareMatch-
schneider-electricmodicon_m580_bmeh584040cMatch-
Node
schneider-electricmodicon_m580_bmeh584040s_firmwareMatch-
schneider-electricmodicon_m580_bmeh584040sMatch-
Node
schneider-electricmodicon_m580_bmeh586040_firmwareMatch-
schneider-electricmodicon_m580_bmeh586040Match-
Node
schneider-electricmodicon_m580_bmeh586040c_firmwareMatch-
schneider-electricmodicon_m580_bmeh586040cMatch-
Node
schneider-electricmodicon_m580_bmeh586040s_firmwareMatch-
schneider-electricmodicon_m580_bmeh586040sMatch-
Node
schneider-electricmodicon_m580_bmep581020_firmwareMatch-
schneider-electricmodicon_m580_bmep581020Match-
Node
schneider-electricmodicon_m580_bmep581020hMatch-
schneider-electricmodicon_m580_bmep581020h_firmwareMatch-
Node
schneider-electricmodicon_m580_bmep582020_firmwareMatch-
schneider-electricmodicon_m580_bmep582020Match-
Node
schneider-electricmodicon_m580_bmep582020h_firmwareMatch-
schneider-electricmodicon_m580_bmep582020hMatch-
Node
schneider-electricmodicon_m580_bmep582040_firmwareMatch-
schneider-electricmodicon_m580_bmep582040Match-
Node
schneider-electricmodicon_m580_bmep582040h_firmwareMatch-
schneider-electricmodicon_m580_bmep582040hMatch-
Node
schneider-electricmodicon_m580_bmep582040s_firmwareMatch-
schneider-electricmodicon_m580_bmep582040sMatch-
Node
schneider-electricmodicon_m580_bmep583020_firmwareMatch-
schneider-electricmodicon_m580_bmep583020Match-
Node
schneider-electricmodicon_m580_bmep583040_firmwareMatch-
schneider-electricmodicon_m580_bmep583040Match-
Node
schneider-electricmodicon_m580_bmep584020_firmwareMatch-
schneider-electricmodicon_m580_bmep584020Match-
Node
schneider-electricmodicon_m580_bmep584040_firmwareMatch-
schneider-electricmodicon_m580_bmep584040Match-
Node
schneider-electricmodicon_m580_bmep584040s_firmwareMatch-
schneider-electricmodicon_m580_bmep584040sMatch-
Node
schneider-electricmodicon_m580_bmep585040_firmwareMatch-
schneider-electricmodicon_m580_bmep585040Match-
Node
schneider-electricmodicon_m580_bmep585040c_firmwareMatch-
schneider-electricmodicon_m580_bmep585040cMatch-
Node
schneider-electricmodicon_m580_bmep586040_firmwareMatch-
schneider-electricmodicon_m580_bmep586040Match-
Node
schneider-electricmodicon_m580_bmep586040c_firmwareMatch-
schneider-electricmodicon_m580_bmep586040cMatch-
Node
schneider-electricmodicon_momentum_171cbu78090_firmwareMatch-
schneider-electricmodicon_momentum_171cbu78090Match-
Node
schneider-electricmodicon_momentum_171cbu98090_firmwareMatch-
schneider-electricmodicon_momentum_171cbu98090Match-
Node
schneider-electricmodicon_momentum_171cbu98091_firmwareMatch-
schneider-electricmodicon_momentum_171cbu98091Match-
Node
schneider-electricmodicon_mc80_bmkc8020301_firmwareMatch-
schneider-electricmodicon_mc80_bmkc8020301Match-
Node
schneider-electricmodicon_mc80_bmkc8020310_firmwareMatch-
schneider-electricmodicon_mc80_bmkc8020310Match-
Node
schneider-electricmodicon_mc80_bmkc8030311_firmwareMatch-
schneider-electricmodicon_mc80_bmkc8030311Match-
Node
schneider-electricmodicon_quantum_140cpu65150_firmwareMatch-
schneider-electricmodicon_quantum_140cpu65150Match-
Node
schneider-electricmodicon_quantum_140cpu65150c_firmwareMatch-
schneider-electricmodicon_quantum_140cpu65150cMatch-
Node
schneider-electricmodicon_quantum_140cpu65160_firmwareMatch-
schneider-electricmodicon_quantum_140cpu65160Match-
Node
schneider-electricmodicon_quantum_140cpu65160c_firmwareMatch-
schneider-electricmodicon_quantum_140cpu65160cMatch-
Node
schneider-electricmodicon_premium_tsxp57_1634m_firmwareMatch-
schneider-electricmodicon_premium_tsxp57_1634mMatch-
Node
schneider-electricmodicon_premium_tsxp57_2634m_firmwareMatch-
schneider-electricmodicon_premium_tsxp57_2634mMatch-
Node
schneider-electricmodicon_premium_tsxp57_2834m_firmwareMatch-
schneider-electricmodicon_premium_tsxp57_2834mMatch-
Node
schneider-electricmodicon_premium_tsxp57_454m_firmwareMatch-
schneider-electricmodicon_premium_tsxp57_454mMatch-
Node
schneider-electricmodicon_premium_tsxp57_4634m_firmwareMatch-
schneider-electricmodicon_premium_tsxp57_4634mMatch-
Node
schneider-electricmodicon_premium_tsxp57_554m_firmwareMatch-
schneider-electricmodicon_premium_tsxp57_554mMatch-
Node
schneider-electricmodicon_premium_tsxp57_5634m_firmwareMatch-
schneider-electricmodicon_premium_tsxp57_5634mMatch-
Node
schneider-electricmodicon_premium_tsxp57_6634m_firmwareMatch-
schneider-electricmodicon_premium_tsxp57_6634mMatch-
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Control Expert ",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Process Expert",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon M340 CPU (part numbers BMXP34*)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon M580 CPU (part numbers BMEP* and BMEH*) ",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon Momentum Unity M1E Processor (171CBU*)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon MC80 (BMKC80)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Legacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
]Social References
More
Related
prion
prion
Design/Logic Flaw
2023-01-30 13:15:00
cvelist
cvelist
CVE-2022-45788
2023-01-30 00:00:00
nessus
nessus
ics
ics
nvd
nvd
CVE-2022-45788
2023-01-30 13:15:09
thn
thn
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
55.0%
Related for CVE-2022-45788