CRITICAL🇵🇱 Wersja polska

CVE-2022-37300

CVSS 9.8v3.1pub. 2022-09-12upd. 2024-11-21

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Schneider Electric Ecostruxure Control Expert

    APP
    Schneider-Electric
    < 15.1
  • Schneider Electric Ecostruxure Process Expert

    APP
    Schneider-Electric
    ≤ 2021
  • Schneider Electric Modicon M340 Bmxp341000

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp341000 Firmware

    OS
    Schneider-Electric
    < 3.50
  • Schneider Electric Modicon M340 Bmxp342000

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp342000 Firmware

    OS
    Schneider-Electric
    < 3.50
  • Schneider Electric Modicon M340 Bmxp342010

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp3420102

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp3420102 Firmware

    OS
    Schneider-Electric
    < 3.50
  • Schneider Electric Modicon M340 Bmxp342010 Firmware

    OS
    Schneider-Electric
    < 3.50
  • Schneider Electric Modicon M340 Bmxp342020

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp342020 Firmware

    OS
    Schneider-Electric
    < 3.50
  • Schneider Electric Modicon M340 Bmxp342020h

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp342020h Firmware

    OS
    Schneider-Electric
    < 3.50
  • Schneider Electric Modicon M340 Bmxp342030

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp3420302

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp3420302 Firmware

    OS
    Schneider-Electric
    < 3.50
  • Schneider Electric Modicon M340 Bmxp3420302h

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp3420302h Firmware

    OS
    Schneider-Electric
    < 3.50
  • Schneider Electric Modicon M340 Bmxp342030 Firmware

    OS
    Schneider-Electric
    < 3.50
  • Schneider Electric Modicon M340 Bmxp342030h

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp342030h Firmware

    OS
    Schneider-Electric
    < 3.50
  • Schneider Electric Modicon M580 Bmeh582040

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh582040c

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh582040c Firmware

    OS
    Schneider-Electric
    < 4.02
  • Schneider Electric Modicon M580 Bmeh582040 Firmware

    OS
    Schneider-Electric
    < 4.02
  • Schneider Electric Modicon M580 Bmeh582040s

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh582040s Firmware

    OS
    Schneider-Electric
    < 4.02
  • Schneider Electric Modicon M580 Bmeh584040

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh584040c

    HW
    Schneider-Electric
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-26507CRITICAL9.8ten sam produkt

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted inp...

CVE-2021-22779CRITICAL9.1ten sam produkt

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V1...

CVE-2020-7540CRITICAL9.8ten sam produkt

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340...

CVE-2020-7533CRITICAL9.8ten sam produkt

CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webse...

CVE-2020-28212CRITICAL9.8ten sam produkt

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on ...