CVE-2022-45788
Last modified
CVE-2022-45788 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions) . EPSS estimates a 1.16% chance of exploitation in the next 30 days.
Description
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Ecostruxure Control Expert | All versions |
| Schneider-Electric | Ecostruxure Process Expert | < 2021 |
| Schneider-Electric | Modicon M340 Bmxp341000 Firmware | All versions |
| Schneider-Electric | Modicon M340 Bmxp342000 Firmware | All versions |
| Schneider-Electric | Modicon M340 Bmxp342010 Firmware | All versions |
| Schneider-Electric | Modicon M340 Bmxp3420102 Firmware | All versions |
| Schneider-Electric | Modicon M340 Bmxp342020 Firmware | All versions |
| Schneider-Electric | Modicon M340 Bmxp342020h Firmware | All versions |
| Schneider-Electric | Modicon M340 Bmxp342030 Firmware | All versions |
| Schneider-Electric | Modicon M340 Bmxp3420302 Firmware | All versions |
| Schneider-Electric | Modicon M340 Bmxp3420302h Firmware | All versions |
| Schneider-Electric | Modicon M340 Bmxp342030h Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmeh582040 Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmeh582040c Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmeh582040s Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmeh584040 Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmeh584040c Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmeh584040s Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmeh586040 Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmeh586040c Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmeh586040s Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmep581020 Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmep581020h Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmep582020 Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmep582020h Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmep582040 Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmep582040h Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmep582040s Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmep583020 Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmep583040 Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmep584020 Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmep584040 Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmep584040s Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmep585040 Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmep585040c Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmep586040 Firmware | All versions |
| Schneider-Electric | Modicon M580 Bmep586040c Firmware | All versions |
| Schneider-Electric | Modicon Momentum 171cbu78090 Firmware | All versions |
| Schneider-Electric | Modicon Momentum 171cbu98090 Firmware | All versions |
| Schneider-Electric | Modicon Momentum 171cbu98091 Firmware | All versions |
| Schneider-Electric | Modicon Mc80 Bmkc8020301 Firmware | All versions |
| Schneider-Electric | Modicon Mc80 Bmkc8020310 Firmware | All versions |
| Schneider-Electric | Modicon Mc80 Bmkc8030311 Firmware | All versions |
| Schneider-Electric | Modicon Quantum 140cpu65150 Firmware | All versions |
| Schneider-Electric | Modicon Quantum 140cpu65150c Firmware | All versions |
| Schneider-Electric | Modicon Quantum 140cpu65160 Firmware | All versions |
| Schneider-Electric | Modicon Quantum 140cpu65160c Firmware | All versions |
| Schneider-Electric | Modicon Premium Tsxp57 1634m Firmware | All versions |
| Schneider-Electric | Modicon Premium Tsxp57 2634m Firmware | All versions |
| Schneider-Electric | Modicon Premium Tsxp57 2834m Firmware | All versions |
Showing 50 of 55 affected configurations. See NVD for the full list.
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-45788?
How severe is CVE-2022-45788?
How do I fix CVE-2022-45788?
Are you affected by CVE-2022-45788?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST