Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-0222
HistoryNov 22, 2022 - 1:15 p.m.

CVE-2022-0222

2022-11-2213:15:00
CWE-269
[email protected]
web.nvd.nist.gov
32
10
cve-2022-0222
improper privilege management
denial of service
modicon m340
ethernet communication
snmp
vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

32.7%

JSON

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24)

CPENameOperatorVersion
schneider-electric:modicon_m340_bmxp341000_firmwareschneider-electric modicon m340 bmxp341000 firmwarelt3.50
schneider-electric:modicon_m340_bmxp342000_firmwareschneider-electric modicon m340 bmxp342000 firmwarelt3.50
schneider-electric:modicon_m340_bmxp342010_firmwareschneider-electric modicon m340 bmxp342010 firmwarelt3.50
schneider-electric:modicon_m340_bmxp3420102_firmwareschneider-electric modicon m340 bmxp3420102 firmwarelt3.50
schneider-electric:modicon_m340_bmxp342020_firmwareschneider-electric modicon m340 bmxp342020 firmwarelt3.50
schneider-electric:modicon_m340_bmxp342020h_firmwareschneider-electric modicon m340 bmxp342020h firmwarelt3.50
schneider-electric:modicon_m340_bmxp342030_firmwareschneider-electric modicon m340 bmxp342030 firmwarelt3.50
schneider-electric:modicon_m340_bmxp3420302_firmwareschneider-electric modicon m340 bmxp3420302 firmwarelt3.50
schneider-electric:modicon_m340_bmxp3420302h_firmwareschneider-electric modicon m340 bmxp3420302h firmwarelt3.50
schneider-electric:modicon_m340_bmxp342030h_firmwareschneider-electric modicon m340 bmxp342030h firmwarelt3.50
Rows per page:
1-10 of 141

Social References

More

Related

cnvd 1
nessus 1
prion 1
cnvd
cnvd
Schneider Electric Product Licensing Issue Vulnerability
2022-11-24 00:00:00
nessus
nessus
Schneider Electric Modicon Improper Privilege Management (CVE-2022-0222)
2022-12-19 00:00:00
prion
prion
Privilege escalation
2022-11-22 13:15:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

32.7%

JSON
Related for CVE-2022-0222
cnvd1nessus1prion1