CVE-2022-37301 — HIGH (7.5)

Q: How severe is CVE-2022-37301?

CVE-2022-37301 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-37301?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M340 Bmx P34-2010 Firmware, Schneider-Electric Modicon M340 Bmx P34-2010, Schneider-Electric Modicon M340 Bmx P34-2030 Firmware, Schneider-Electric Modicon M340 Bmx P34-2030, Schneider-Electric Modicon M580 Bmeh582040 Firmware.

Vulnerability Description

A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Schneider-Electric	Modicon M340 Bmx P34-2010 Firmware	< 3.50
Schneider-Electric	Modicon M340 Bmx P34-2010	-
Schneider-Electric	Modicon M340 Bmx P34-2030 Firmware	< 3.50
Schneider-Electric	Modicon M340 Bmx P34-2030	-
Schneider-Electric	Modicon M580 Bmeh582040 Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmeh582040	-
Schneider-Electric	Modicon M580 Bmeh582040C Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmeh582040C	-
Schneider-Electric	Modicon M580 Bmeh582040S Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmeh582040S	-
Schneider-Electric	Modicon M580 Bmeh584040 Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmeh584040	-
Schneider-Electric	Modicon M580 Bmeh584040C Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmeh584040C	-
Schneider-Electric	Modicon M580 Bmeh584040S Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmeh584040S	-
Schneider-Electric	Modicon M580 Bmeh586040 Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmeh586040	-
Schneider-Electric	Modicon M580 Bmeh586040C Firmware	< 4.01
Schneider-Electric	Modicon M580 Bmeh586040C	-

Related Weaknesses (CWE)

CWE-191

References

https://www.se.com/us/en/download/document/SEVD-2022-221-02/Vendor Advisory
https://www.se.com/us/en/download/document/SEVD-2022-221-02/Vendor Advisory

FAQ

What is CVE-2022-37301?

CVE-2022-37301 is a vulnerability with a CVSS score of 7.5 (HIGH). A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affect...

How severe is CVE-2022-37301?

CVE-2022-37301 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-37301?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M340 Bmx P34-2010 Firmware, Schneider-Electric Modicon M340 Bmx P34-2010, Schneider-Electric Modicon M340 Bmx P34-2030 Firmware, Schneider-Electric Modicon M340 Bmx P34-2030, Schneider-Electric Modicon M580 Bmeh582040 Firmware.