CVE-2022-45788

CWE-7543 documents3 sources

Severity

9.8CRITICAL

EPSS

0.4%

top 41.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Ecostruxure Process Expert Schneider Electric Ecostruxure Control Expert Schneider Electric Ecostruxure Process Expert +6 more

Timeline

PublishedJan 30

Latest updateJul 6

Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - pa…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages9 packages

▶CVEListV5schneider_electric/modicon_m580_cpu_safety_(part_numbers_bmep58*s_and_bmeh58*s)All Versions

▶CVEListV5schneider_electric/modicon_m580_cpu_(part_numbers_bmep*_and_bmeh*)All Versions

▶CVEListV5schneider_electric/modicon_m340_cpu_(part_numbers_bmxp34*)All Versions

▶CVEListV5schneider_electric/legacy_modicon_quantum_(140cpu65*)_and_premium_cpus_(tsxp57*)All Versions

▶CVEListV5schneider_electric/modicon_momentum_unity_m1e_processor_(171cbu*)All Versions

Patches

Patch: download.schneider-electric.com ↗Patch: download.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-7q3m-cm45-5qq5: A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and↗2023-07-06

▶

CVEList

CVE-2022-45788: A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and↗2023-01-30

▶