Lucene search

K
cve[email protected]CVE-2022-34761
HistoryJul 13, 2022 - 9:15 p.m.

CVE-2022-34761

2022-07-1321:15:08
CWE-476
web.nvd.nist.gov
46
4
cve-2022-34761
cwe-476
null pointer dereference
json parsing
bmenor2200h
bmenua0100

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

36.3%

A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

Affected configurations

NVD
Node
schneider-electricopc_ua_module_for_m580_firmwareRange1.10
AND
schneider-electricopc_ua_module_for_m580Match-
Node
schneider-electricx80_advanced_rtu_module_firmwareRange2.01
AND
schneider-electricx80_advanced_rtu_moduleMatch-

CNA Affected

[
  {
    "product": "OPC UA Modicon Communication Module",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThan": "V1.10",
        "status": "affected",
        "version": "BMENUA0100",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "X80 advanced RTU Communication Module",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThan": "BMENOR2200H*",
        "status": "affected",
        "version": "V2.01 ",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

36.3%

Related for CVE-2022-34761