Details of VAR-202301-1957

ID

VAR-202301-1957

CVE

CVE-2022-45788

TITLE

Schneider Electric Made EcoStruxure Products , Modicon PLCs and Programmable Automation Controllers Inadequately Checked Vulnerability to Exceptional Circumstances in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002628

DESCRIPTION

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions) . Schneider Electric Provided by EcoStruxure Products , Modicon PLCs and Programmable Automation Controllers The following vulnerabilities exist in. It was * Inadequate checks for exceptional circumstances (CWE-754) - CVE-2022-45788If the vulnerability is exploited, it may be affected as follows. (( DoS ) be put into a state

Trust: 1.71

sources: NVD: CVE-2022-45788 // JVNDB: JVNDB-2023-002628 // VULMON: CVE-2022-45788

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modicon m580 bmeh582040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 2634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 1634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure process expert	scope:	lt	version:	2021	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342020h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon quantum 140cpu65160c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp3420302h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep582020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh586040c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep581020h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep582040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon momentum 171cbu78090	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 4634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp3420302	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 554m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon mc80 bmkc8030311	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 6634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep584040s	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp341000	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh584040s	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon quantum 140cpu65160	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342000	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp3420102	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep583020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep585040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 2834m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon mc80 bmkc8020301	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 5634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh584040c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh582040s	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure control expert	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342010	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh584040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 454m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh586040s	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh586040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep582020h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep582040s	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep586040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh582040c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon momentum 171cbu98091	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342030h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep584040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep586040c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon mc80 bmkc8020310	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon quantum 140cpu65150	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep581020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342030	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep584020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep583040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep582040h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep585040c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon quantum 140cpu65150c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon momentum 171cbu98090	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure control expert	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon mc80	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m580 cpu	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m340 cpu	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	legacy modicon quantum	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon momentum unity m1e processor	scope:	lt	version:	(( 171cbu* ) sv2.6 earlier	Trust: 0.8
vendor:	schneider electric	model:	modicon m580 cpu safety	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	ecostruxure process expert	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-002628 // NVD: CVE-2022-45788

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-45788
value:	CRITICAL
Trust: 1.0
cybersecurity@se.com:	CVE-2022-45788
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-45788
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202301-2355
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2022-45788
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
cybersecurity@se.com:	CVE-2022-45788
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-45788
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-002628 // CNNVD: CNNVD-202301-2355 // NVD: CVE-2022-45788 // NVD: CVE-2022-45788

PROBLEMTYPE DATA

problemtype:	CWE-754	Trust: 1.0
problemtype:	Improper checking in exceptional conditions (CWE-754) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-002628 // NVD: CVE-2022-45788

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-2355

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202301-2355

PATCH

title:	Schneider Electric Security Notification EcoStruxure Control Expert, EcoStruxure Process Expert and Modicon PLCs and PACs (( PDF ) Schneider Electric	url:	https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf	Trust: 0.8
title:	Schneider Electric EcoStruxure Control Expert Fixes for code issue vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=224340	Trust: 0.6

sources: JVNDB: JVNDB-2023-002628 // CNNVD: CNNVD-202301-2355

EXTERNAL IDS

db:	NVD	id:	CVE-2022-45788	Trust: 3.3
db:	SCHNEIDER	id:	SEVD-2023-010-05	Trust: 1.7
db:	ICS CERT	id:	ICSA-23-201-01	Trust: 0.8
db:	JVN	id:	JVNVU93366178	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-002628	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.4136	Trust: 0.6
db:	CNNVD	id:	CNNVD-202301-2355	Trust: 0.6
db:	VULMON	id:	CVE-2022-45788	Trust: 0.1

sources: VULMON: CVE-2022-45788 // JVNDB: JVNDB-2023-002628 // CNNVD: CNNVD-202301-2355 // NVD: CVE-2022-45788

REFERENCES

url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-010-05&p_endoctype=security+and+safety+notice&p_file_name=sevd-2023-010-05_modicon_controllers_security_notification.pdf	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu93366178/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-45788	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-201-01	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-45788/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.4136	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/754.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-45788 // JVNDB: JVNDB-2023-002628 // CNNVD: CNNVD-202301-2355 // NVD: CVE-2022-45788

SOURCES

db:	VULMON	id:	CVE-2022-45788
db:	JVNDB	id:	JVNDB-2023-002628
db:	CNNVD	id:	CNNVD-202301-2355
db:	NVD	id:	CVE-2022-45788

LAST UPDATE DATE

2024-08-14T13:21:12.392000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-45788	date:	2023-02-03T00:00:00
db:	JVNDB	id:	JVNDB-2023-002628	date:	2024-06-17T07:52:00
db:	CNNVD	id:	CNNVD-202301-2355	date:	2023-07-24T00:00:00
db:	NVD	id:	CVE-2022-45788	date:	2023-08-09T14:15:09.497

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-45788	date:	2023-01-30T00:00:00
db:	JVNDB	id:	JVNDB-2023-002628	date:	2023-07-24T00:00:00
db:	CNNVD	id:	CNNVD-202301-2355	date:	2023-01-30T00:00:00
db:	NVD	id:	CVE-2022-45788	date:	2023-01-30T13:15:09.310