Lucene search

K
cve[email protected]CVE-2022-34760
HistoryJul 13, 2022 - 9:15 p.m.

CVE-2022-34760

2022-07-1321:15:08
CWE-835
web.nvd.nist.gov
34
5
cve-2022-34760
denial of service
infinite loop
vulnerability
x80 advanced rtu communication module
bmenor2200h
opc ua modicon communication module
bmenua0100

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

38.4%

A CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’) vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

Affected configurations

NVD
Node
schneider-electricopc_ua_module_for_m580_firmwareRange1.10
AND
schneider-electricopc_ua_module_for_m580Match-
Node
schneider-electricx80_advanced_rtu_module_firmwareMatch1.0
AND
schneider-electricx80_advanced_rtu_moduleMatch-

CNA Affected

[
  {
    "product": "OPC UA Modicon Communication Module",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThan": "V1.10",
        "status": "affected",
        "version": "BMENUA0100",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "X80 advanced RTU Communication Module",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "BMENOR2200H V1.0 "
      }
    ]
  }
]

Social References

More

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

38.4%

Related for CVE-2022-34760