CVE-2022-37300

CWE-6403 documents3 sources

Severity

9.8CRITICAL

EPSS

0.6%

top 31.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Ecostruxure Control Expert Schneider-electric Modicon M340 Bmxp341000 Firmware Schneider-electric Modicon M340 Bmxp342000 Firmware +37 more

Timeline

PublishedSep 12

Latest updateSep 13

Description

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages40 packages

▶NVDschneider-electric/ecostruxure_control_expert< 15.1

▶CVEListV5schneider_electric/ecostruxure_control_expertSP1 — 15.0

▶CVEListV5schneider_electric/ecostruxure_process_expertV — 2021

▶NVDschneider-electric/ecostruxure_process_expert2021

▶NVDschneider-electric/modicon_m340_bmxp341000_firmware< 3.50

Patches

Patch: www.se.com ↗Patch: www.se.com ↗

🔴Vulnerability Details

GHSA

GHSA-w47m-6qcr-7xg2: A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to↗2022-09-13

▶

CVEList

CVE-2022-37300: A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to↗2022-09-12

▶