Lucene search

K
cve[email protected]CVE-2022-34763
HistoryJul 13, 2022 - 9:15 p.m.

CVE-2022-34763

2022-07-1321:15:08
CWE-345
web.nvd.nist.gov
40
3
cve
2022
34763
unauthorized firmware
x80
opc ua
communication module
nvd
cwe-345
insufficient verification
data authenticity

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

31.8%

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

Affected configurations

NVD
Node
schneider-electricopc_ua_module_for_m580_firmwareRange1.10
AND
schneider-electricopc_ua_module_for_m580Match-
Node
schneider-electricx80_advanced_rtu_module_firmwareRange2.01
AND
schneider-electricx80_advanced_rtu_moduleMatch-

CNA Affected

[
  {
    "product": "OPC UA Modicon Communication Module",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThan": "V1.10",
        "status": "affected",
        "version": "BMENUA0100",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "X80 advanced RTU Communication Module",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThan": "BMENOR2200H*",
        "status": "affected",
        "version": "V2.01 ",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

31.8%

Related for CVE-2022-34763