Lucene search

SchneiderCVE-2022-24323

HistoryMar 09, 2022 - 11:15 p.m.

CVE-2022-24323

2022-03-0923:15:07

CWE-754

schneider

web.nvd.nist.gov

cve-2022-24323

cwe-754

modicon

ecostruxure process expert

ecostruxure control expert

vulnerability

nvd

security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

31.8%

JSON

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior)

Affected configurations

Nvd

Node

schneider-electricecostruxure_control_expertRange<15.0

schneider-electricecostruxure_control_expertMatch15.0-

schneider-electricecostruxure_control_expertMatch15.0sp1

schneider-electricecostruxure_process_expertRange≤2021

VendorProductVersionCPE
schneider-electricecostruxure_control_expert*cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*
schneider-electricecostruxure_control_expert15.0cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:-:*:*:*:*:*:*
schneider-electricecostruxure_control_expert15.0cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:sp1:*:*:*:*:*:*
schneider-electricecostruxure_process_expert*cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	ecostruxure_control_expert	*	cpe:2.3:a:schneider-electric:ecostruxure_control_expert::::::::
schneider-electric	ecostruxure_control_expert	15.0	cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:-::::::
schneider-electric	ecostruxure_control_expert	15.0	cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:sp1::::::
schneider-electric	ecostruxure_process_expert	*	cpe:2.3:a:schneider-electric:ecostruxure_process_expert::::::::

CNA Affected

[
  {
    "product": "EcoStruxure Process Expert",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "V2021 and prior"
      }
    ]
  },
  {
    "product": "EcoStruxure Control Expert",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "V15.0 SP1 and prior"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

31.8%

JSON

Related for CVE-2022-24323