cbcvebase.
CVE-2022-45788
published 2023-01-30

CVE-2022-45788: A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of…

critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)

Affected

9 ranges
VendorProductVersion rangeFixed in
schneider-electricecostruxure_process_expert< 20212021
schneider_electricecostruxure_control_expert
schneider_electricecostruxure_process_expert
schneider_electriclegacy_modicon_quantum_and_premium_cpus
schneider_electricmodicon_m340_cpu
schneider_electricmodicon_m580_cpu
schneider_electricmodicon_m580_cpu_safety
schneider_electricmodicon_mc80
schneider_electricmodicon_momentum_unity_m1e_processor