CVE-2022-45789 — HIGH (8.1)

Q: How severe is CVE-2022-45789?

CVE-2022-45789 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-45789?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Ecostruxure Control Expert, Schneider-Electric Ecostruxure Process Expert, Schneider-Electric Modicon M340 Bmxp341000 Firmware, Schneider-Electric Modicon M340 Bmxp341000, Schneider-Electric Modicon M340 Bmxp342000 Firmware.

Vulnerability Description

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Schneider-Electric	Ecostruxure Control Expert	All versions
Schneider-Electric	Ecostruxure Process Expert	<= 2020
Schneider-Electric	Modicon M340 Bmxp341000 Firmware	All versions
Schneider-Electric	Modicon M340 Bmxp341000	-
Schneider-Electric	Modicon M340 Bmxp342000 Firmware	All versions
Schneider-Electric	Modicon M340 Bmxp342000	-
Schneider-Electric	Modicon M340 Bmxp342010 Firmware	-
Schneider-Electric	Modicon M340 Bmxp342010	All versions
Schneider-Electric	Modicon M340 Bmxp3420102 Firmware	All versions
Schneider-Electric	Modicon M340 Bmxp3420102	-
Schneider-Electric	Modicon M340 Bmxp342020 Firmware	All versions
Schneider-Electric	Modicon M340 Bmxp342020	-
Schneider-Electric	Modicon M340 Bmxp342020H Firmware	All versions
Schneider-Electric	Modicon M340 Bmxp342020H	-
Schneider-Electric	Modicon M340 Bmxp342030 Firmware	All versions
Schneider-Electric	Modicon M340 Bmxp342030	-
Schneider-Electric	Modicon M340 Bmxp3420302 Firmware	All versions
Schneider-Electric	Modicon M340 Bmxp3420302	-
Schneider-Electric	Modicon M340 Bmxp3420302H Firmware	All versions
Schneider-Electric	Modicon M340 Bmxp3420302H	-

Related Weaknesses (CWE)

CWE-294

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocPatchVendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocPatchVendor Advisory

FAQ

What is CVE-2022-45789?

CVE-2022-45789 is a vulnerability with a CVSS score of 8.1 (HIGH). A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Af...

How severe is CVE-2022-45789?

CVE-2022-45789 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-45789?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Ecostruxure Control Expert, Schneider-Electric Ecostruxure Process Expert, Schneider-Electric Modicon M340 Bmxp341000 Firmware, Schneider-Electric Modicon M340 Bmxp341000, Schneider-Electric Modicon M340 Bmxp342000 Firmware.