CVE-2022-24322 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ecostruxure Control Expert

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

5.9MEDIUMNVD

CNA5.3

EPSS

0.2%

top 55.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Ecostruxure Control Expert Schneider Electric Ecostruxure Control Expert

Timeline

PublishedMar 9

Latest updateMar 11

Description

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior)

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDschneider-electric/ecostruxure_control_expert< 15.0+1

▶CVEListV5schneider_electric/ecostruxure_control_expertV15.0 SP1 and prior

🔴Vulnerability Details

GHSA

GHSA-wwjr-j4cg-w355: A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication↗2022-03-11

▶

CVEList

CVE-2022-24322: A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication↗2022-03-09

▶