CVE-2022-0222

Name: CVE-2022-0222
Creator: NVD / NIST
Published: 2022-11-22T13:15:10.113+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 0.57%

Last modified Jun 17, 2026

CVE-2022-0222 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24). EPSS estimates a 0.57% chance of exploitation in the next 30 days.

Description

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24)

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.57%

42.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Schneider-Electric	Modicon M340 Bmxp341000 Firmware	< 3.50
Schneider-Electric	Modicon M340 Bmxp342000 Firmware	< 3.50
Schneider-Electric	Modicon M340 Bmxp342010 Firmware	< 3.50
Schneider-Electric	Modicon M340 Bmxp3420102 Firmware	< 3.50
Schneider-Electric	Modicon M340 Bmxp342020 Firmware	< 3.50
Schneider-Electric	Modicon M340 Bmxp342020h Firmware	< 3.50
Schneider-Electric	Modicon M340 Bmxp342030 Firmware	< 3.50
Schneider-Electric	Modicon M340 Bmxp3420302 Firmware	< 3.50
Schneider-Electric	Modicon M340 Bmxp3420302h Firmware	< 3.50
Schneider-Electric	Modicon M340 Bmxp342030h Firmware	< 3.50
Schneider-Electric	Modicon M340 Bmxnoe0100 Firmware	All versions
Schneider-Electric	Modicon M340 Bmxnoe0110 Firmware	All versions
Schneider-Electric	Modicon M340 Bmxnoe0110h Firmware	All versions
Schneider-Electric	Modicon M340 Bmxnor0200h Firmware	All versions

References

https://www.se.com/us/en/download/document/SEVD-2022-102-02/Vendor Advisory
https://www.se.com/us/en/download/document/SEVD-2022-102-02/Vendor Advisory

Timeline

Published: Nov 22, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-0222?

How severe is CVE-2022-0222?

CVE-2022-0222 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.57% probability of exploitation in the next 30 days.

How do I fix CVE-2022-0222?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-0222?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST