CVE-2022-45789
published 2023-01-31CVE-2022-45789: A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | ecostruxure_process_expert | <= 2020 | — |
| schneider_electric | ecostruxure_control_expert | — | — |
| schneider_electric | ecostruxure_process_expert | — | — |
| schneider_electric | modicon_m340_cpu | — | — |
| schneider_electric | modicon_m580_cpu | — | — |
| schneider_electric | modicon_m580_cpu_safety | — | — |