CVE-2022-24323

CWE-7543 documents3 sources

Severity

5.9MEDIUM

EPSS

0.3%

top 43.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Ecostruxure Control Expert Schneider-electric Ecostruxure Process Expert Schneider Electric Ecostruxure Control Expert +1 more

Timeline

PublishedMar 9

Latest updateMar 11

Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior)

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages4 packages

▶NVDschneider-electric/ecostruxure_control_expert< 15.0+1

▶NVDschneider-electric/ecostruxure_process_expert2021

▶CVEListV5schneider_electric/ecostruxure_control_expertV15.0 SP1 and prior

▶CVEListV5schneider_electric/ecostruxure_process_expertV2021 and prior

🔴Vulnerability Details

GHSA

GHSA-wxpm-2rxr-g39h: A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modico↗2022-03-11

▶

CVEList

CVE-2022-24323: A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modico↗2022-03-09

▶