ID

VAR-202211-1389


CVE

CVE-2022-0222


TITLE

Schneider Electric Product Authorization Issue Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-86329

DESCRIPTION

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs (BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU (BMXNOE* all versions) (BMXNOR* versions prior to v1.7 IR24). Schneider Electric Modicon M340 is a medium-range PLC (programmable logic controller) for industrial processes and infrastructures from Schneider Electric, France. Schneider Electric products have an authorization problem vulnerability. This vulnerability stems from improper authority management.

Trust: 1.53

sources: NVD: CVE-2022-0222 // CNVD: CNVD-2022-86329 // VULMON: CVE-2022-0222

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-86329

AFFECTED PRODUCTS

vendor: schneider electric, model: modicon m340 bmxp3420302, scope: lt, version: 3.50

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp342030h, scope: lt, version: 3.50

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxnor0200h, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp3420102, scope: lt, version: 3.50

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp342020, scope: lt, version: 3.50

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp342020h, scope: lt, version: 3.50

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxnoe0110, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp342010, scope: lt, version: 3.50

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp3420302h, scope: lt, version: 3.50

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp341000, scope: lt, version: 3.50

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp342030, scope: lt, version: 3.50

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp342000, scope: lt, version: 3.50

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxnoe0110h, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxnoe0100, scope: eq, version: -

Trust: 1.0

vendor: schneider, model: electric modicon m340 cpus <bmxp34*, scope: eq, version: v3.40

Trust: 0.6

vendor: schneider, model: electric modicon m340 ethernet communication modules bmxnoe0100, scope: eq, version: x80

Trust: 0.6

vendor: schneider, model: electric modicon m340 ethernet communication modules bmxnoe0110, scope: eq, version: x80

Trust: 0.6

vendor: schneider, model: electric modicon m340 ethernet communication modules bmxnor0200h rtu, scope: eq, version: x80

Trust: 0.6

vendor: schneider, model: electric modicon m340 ethernet communication modules bmxnoe*, scope: eq, version: x80

Trust: 0.6

vendor: schneider, model: electric modicon m340 ethernet communication modules <bmxnor* v1.7ir24, scope: eq, version: x80

Trust: 0.6

sources: CNVD: CNVD-2022-86329 // NVD: CVE-2022-0222

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-0222
value: HIGH

Trust: 1.0

cybersecurity@se.com: CVE-2022-0222
value: HIGH

Trust: 1.0

CNVD: CNVD-2022-86329
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202211-3299
value: HIGH

Trust: 0.6

CNVD: CNVD-2022-86329
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-0222
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2022-86329 // CNNVD: CNNVD-202211-3299 // NVD: CVE-2022-0222 // NVD: CVE-2022-0222

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.0

sources: NVD: CVE-2022-0222

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-3299

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-3299

PATCH

title: Patch for Schneider Electric Product Authorization Issue Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/364611

Trust: 0.6

title: Schneider Electric Modicon M340 Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=215779

Trust: 0.6

sources: CNVD: CNVD-2022-86329 // CNNVD: CNNVD-202211-3299

EXTERNAL IDS

db: SCHNEIDER, id: SEVD-2022-102-02

Trust: 2.3

db: NVD, id: CVE-2022-0222

Trust: 2.3

db: CNVD, id: CNVD-2022-86329

Trust: 0.6

db: CNNVD, id: CNNVD-202211-3299

Trust: 0.6

db: VULMON, id: CVE-2022-0222

Trust: 0.1

sources: CNVD: CNVD-2022-86329 // VULMON: CVE-2022-0222 // CNNVD: CNNVD-202211-3299 // NVD: CVE-2022-0222

REFERENCES

url:https://www.se.com/us/en/download/document/sevd-2022-102-02/

Trust: 2.3

url:https://cxsecurity.com/cveshow/cve-2022-0222/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-86329 // VULMON: CVE-2022-0222 // CNNVD: CNNVD-202211-3299 // NVD: CVE-2022-0222

SOURCES

db: CNVD, id: CNVD-2022-86329
db: VULMON, id: CVE-2022-0222
db: CNNVD, id: CNNVD-202211-3299
db: NVD, id: CVE-2022-0222

LAST UPDATE DATE

2024-08-14T14:17:34.334000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-86329, date: 2022-12-09T00:00:00
db: VULMON, id: CVE-2022-0222, date: 2022-11-22T00:00:00
db: CNNVD, id: CNNVD-202211-3299, date: 2022-12-01T00:00:00
db: NVD, id: CVE-2022-0222, date: 2022-11-30T20:38:37.057

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-86329, date: 2022-12-07T00:00:00
db: VULMON, id: CVE-2022-0222, date: 2022-11-22T00:00:00
db: CNNVD, id: CNNVD-202211-3299, date: 2022-11-22T00:00:00
db: NVD, id: CVE-2022-0222, date: 2022-11-22T13:15:10.113