CVE-2022-45788 — HIGH (7.5)

Q: How severe is CVE-2022-45788?

CVE-2022-45788 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-45788?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Ecostruxure Control Expert, Schneider-Electric Ecostruxure Process Expert, Schneider-Electric Modicon M340 Bmxp341000 Firmware, Schneider-Electric Modicon M340 Bmxp341000, Schneider-Electric Modicon M340 Bmxp342000 Firmware.

Vulnerability Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Schneider-Electric	Ecostruxure Control Expert	All versions
Schneider-Electric	Ecostruxure Process Expert	< 2021
Schneider-Electric	Modicon M340 Bmxp341000 Firmware	-
Schneider-Electric	Modicon M340 Bmxp341000	-
Schneider-Electric	Modicon M340 Bmxp342000 Firmware	-
Schneider-Electric	Modicon M340 Bmxp342000	-
Schneider-Electric	Modicon M340 Bmxp342010 Firmware	-
Schneider-Electric	Modicon M340 Bmxp342010	-
Schneider-Electric	Modicon M340 Bmxp3420102 Firmware	-
Schneider-Electric	Modicon M340 Bmxp3420102	-
Schneider-Electric	Modicon M340 Bmxp342020 Firmware	-
Schneider-Electric	Modicon M340 Bmxp342020	-
Schneider-Electric	Modicon M340 Bmxp342020H Firmware	-
Schneider-Electric	Modicon M340 Bmxp342020H	-
Schneider-Electric	Modicon M340 Bmxp342030 Firmware	-
Schneider-Electric	Modicon M340 Bmxp342030	-
Schneider-Electric	Modicon M340 Bmxp3420302 Firmware	-
Schneider-Electric	Modicon M340 Bmxp3420302	-
Schneider-Electric	Modicon M340 Bmxp3420302H Firmware	-
Schneider-Electric	Modicon M340 Bmxp3420302H	-

Related Weaknesses (CWE)

CWE-754

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocPatchVendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocPatchVendor Advisory

FAQ

What is CVE-2022-45788?

CVE-2022-45788 is a vulnerability with a CVSS score of 7.5 (HIGH). A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicio...

How severe is CVE-2022-45788?

CVE-2022-45788 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-45788?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Ecostruxure Control Expert, Schneider-Electric Ecostruxure Process Expert, Schneider-Electric Modicon M340 Bmxp341000 Firmware, Schneider-Electric Modicon M340 Bmxp341000, Schneider-Electric Modicon M340 Bmxp342000 Firmware.