CVE-2022-37301

Name: CVE-2022-37301
Creator: NVD / NIST
Published: 2022-11-22T12:15:09.927+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 0.70%

Last modified Jun 17, 2026

CVE-2022-37301 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior). EPSS estimates a 0.70% chance of exploitation in the next 30 days.

Description

A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.70%

48.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-191

Affected Software

Vendor	Product	Versions
Schneider-Electric	Modicon M340 Bmx P34-2010 Firmware	< 3.50
Schneider-Electric	Modicon M340 Bmx P34-2030 Firmware	< 3.50
Schneider-Electric	Modicon M580 Bmeh582040 Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmeh582040c Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmeh582040s Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmeh584040 Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmeh584040c Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmeh584040s Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmeh586040 Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmeh586040c Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmeh586040s Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmep581020 Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmep581020h Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmep582020 Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmep582020h Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmep582040 Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmep582040h Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmep582040s Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmep583020 Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmep583040 Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmep584020 Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmep584040 Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmep584040s Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmep585040 Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmep585040c Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmep586040 Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmep586040c Firmware	< 4.01
Schneider-Electric	Modicon Mc80 Bmkc8020301 Firmware	< 1.8
Schneider-Electric	Modicon Mc80 Bmkc8020310 Firmware	< 1.8
Schneider-Electric	Modicon Mc80 Bmkc8030311 Firmware	< 1.8
Schneider-Electric	Modicon Momentum 171cbu78090 Firmware	All versions
Schneider-Electric	Modicon Momentum 171cbu98090 Firmware	All versions
Schneider-Electric	Modicon Momentum 171cbu98091 Firmware	All versions
Schneider-Electric	Modicon Premium Tsxp57 1634m Firmware	All versions
Schneider-Electric	Modicon Premium Tsxp57 2634m Firmware	All versions
Schneider-Electric	Modicon Premium Tsxp57 2834m Firmware	All versions
Schneider-Electric	Modicon Premium Tsxp57 454m Firmware	All versions
Schneider-Electric	Modicon Premium Tsxp57 4634m Firmware	All versions
Schneider-Electric	Modicon Premium Tsxp57 554m Firmware	All versions
Schneider-Electric	Modicon Premium Tsxp57 5634m Firmware	All versions
Schneider-Electric	Modicon Premium Tsxp57 6634m Firmware	All versions
Schneider-Electric	Modicon Quantum 140cpu65150 Firmware	All versions
Schneider-Electric	Modicon Quantum 140cpu65150c Firmware	All versions
Schneider-Electric	Modicon Quantum 140cpu65160 Firmware	All versions
Schneider-Electric	Modicon Quantum 140cpu65160c Firmware	All versions
Schneider-Electric	Modicon Quantum 140noc78100 Firmware	All versions
Schneider-Electric	Modicon Quantum 140noe77101 Firmware	All versions
Schneider-Electric	Modicon Quantum 140noe77111 Firmware	All versions

References

https://www.se.com/us/en/download/document/SEVD-2022-221-02/Vendor Advisory
https://www.se.com/us/en/download/document/SEVD-2022-221-02/Vendor Advisory

Timeline

Published: Nov 22, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-37301?

How severe is CVE-2022-37301?

CVE-2022-37301 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.70% probability of exploitation in the next 30 days.

How do I fix CVE-2022-37301?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-37301?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST