Lucene search

SchneiderCVE-2022-37300

HistorySep 12, 2022 - 6:15 p.m.

CVE-2022-37300

2022-09-1218:15:08

CWE-640

schneider

web.nvd.nist.gov

cve-2022-37300

vulnerability

weak password recovery mechanism

modbus

ecostruxure control expert

ecostruxure process expert

modicon m340

modicon m580 cpu

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

58.3%

JSON

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).

Affected configurations

Nvd

Node

schneider-electricecostruxure_control_expertRange<15.1

schneider-electricecostruxure_process_expertRange≤2021

Node

schneider-electricmodicon_m340_bmxp341000_firmwareRange<3.50

AND

schneider-electricmodicon_m340_bmxp341000Match-

Node

schneider-electricmodicon_m340_bmxp342000Match-

AND

schneider-electricmodicon_m340_bmxp342000_firmwareRange<3.50

Node

schneider-electricmodicon_m340_bmxp342010Match-

AND

schneider-electricmodicon_m340_bmxp342010_firmwareRange<3.50

Node

schneider-electricmodicon_m340_bmxp3420102Match-

AND

schneider-electricmodicon_m340_bmxp3420102_firmwareRange<3.50

Node

schneider-electricmodicon_m340_bmxp342020Match-

AND

schneider-electricmodicon_m340_bmxp342020_firmwareRange<3.50

Node

schneider-electricmodicon_m340_bmxp342020hMatch-

AND

schneider-electricmodicon_m340_bmxp342020h_firmwareRange<3.50

Node

schneider-electricmodicon_m340_bmxp342030Match-

AND

schneider-electricmodicon_m340_bmxp342030_firmwareRange<3.50

Node

schneider-electricmodicon_m340_bmxp3420302Match-

AND

schneider-electricmodicon_m340_bmxp3420302_firmwareRange<3.50

Node

schneider-electricmodicon_m340_bmxp3420302hMatch-

AND

schneider-electricmodicon_m340_bmxp3420302h_firmwareRange<3.50

Node

schneider-electricmodicon_m340_bmxp342030hMatch-

AND

schneider-electricmodicon_m340_bmxp342030h_firmwareRange<3.50

Node

schneider-electricmodicon_m580_bmeh582040Match-

AND

schneider-electricmodicon_m580_bmeh582040_firmwareRange<4.02

Node

schneider-electricmodicon_m580_bmeh582040cMatch-

AND

schneider-electricmodicon_m580_bmeh582040c_firmwareRange<4.02

Node

schneider-electricmodicon_m580_bmeh582040sMatch-

AND

schneider-electricmodicon_m580_bmeh582040s_firmwareRange<4.02

Node

schneider-electricmodicon_m580_bmeh584040_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmeh584040Match-

Node

schneider-electricmodicon_m580_bmeh584040c_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmeh584040cMatch-

Node

schneider-electricmodicon_m580_bmeh584040s_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmeh584040sMatch-

Node

schneider-electricmodicon_m580_bmeh586040_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmeh586040Match-

Node

schneider-electricmodicon_m580_bmeh586040c_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmeh586040cMatch-

Node

schneider-electricmodicon_m580_bmeh586040s_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmeh586040sMatch-

Node

schneider-electricmodicon_m580_bmep581020_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmep581020Match-

Node

schneider-electricmodicon_m580_bmep581020h_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmep581020hMatch-

Node

schneider-electricmodicon_m580_bmep582020_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmep582020Match-

Node

schneider-electricmodicon_m580_bmep582020h_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmep582020hMatch-

Node

schneider-electricmodicon_m580_bmep582040_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmep582040Match-

Node

schneider-electricmodicon_m580_bmep582040h_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmep582040hMatch-

Node

schneider-electricmodicon_m580_bmep583020_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmep583020Match-

Node

schneider-electricmodicon_m580_bmep583040_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmep583040Match-

Node

schneider-electricmodicon_m580_bmep584020_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmep584020Match-

Node

schneider-electricmodicon_m580_bmep584040_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmep584040Match-

Node

schneider-electricmodicon_m580_bmep584040s_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmep584040sMatch-

Node

schneider-electricmodicon_m580_bmep585040_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmep585040Match-

Node

schneider-electricmodicon_m580_bmep585040c_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmep585040cMatch-

Node

schneider-electricmodicon_m580_bmep586040_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmep586040Match-

Node

schneider-electricmodicon_m580_bmep586040c_firmwareRange<4.02

AND

schneider-electricmodicon_m580_bmep586040cMatch-

VendorProductVersionCPE
schneider-electricecostruxure_control_expert*cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*
schneider-electricecostruxure_process_expert*cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmxp341000_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmxp341000-cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmxp342000-cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmxp342000_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmxp342010-cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmxp342010_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmxp3420102-cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*
schneider-electricmodicon_m340_bmxp3420102_firmware*cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	ecostruxure_control_expert	*	cpe:2.3:a:schneider-electric:ecostruxure_control_expert::::::::
schneider-electric	ecostruxure_process_expert	*	cpe:2.3:a:schneider-electric:ecostruxure_process_expert::::::::
schneider-electric	modicon_m340_bmxp341000_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware::::::::
schneider-electric	modicon_m340_bmxp341000	-	cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:::::::*
schneider-electric	modicon_m340_bmxp342000	-	cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:::::::*
schneider-electric	modicon_m340_bmxp342000_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware::::::::
schneider-electric	modicon_m340_bmxp342010	-	cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:::::::*
schneider-electric	modicon_m340_bmxp342010_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware::::::::
schneider-electric	modicon_m340_bmxp3420102	-	cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:::::::*
schneider-electric	modicon_m340_bmxp3420102_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware::::::::

Rows per page:

1-10 of 701

CNA Affected

[
  {
    "product": "EcoStruxure Control Expert",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThanOrEqual": "15.0",
        "status": "affected",
        "version": "SP1",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "EcoStruxure Process Expert",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThanOrEqual": "2021",
        "status": "affected",
        "version": "V",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Modicon M340 CPU",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThanOrEqual": "3.40",
        "status": "affected",
        "version": "BMXP34",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Modicon M580 CPU",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThanOrEqual": "3.20",
        "status": "affected",
        "version": "BMEP",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "3.20",
        "status": "affected",
        "version": "BMEH",
        "versionType": "custom"
      }
    ]
  }
]

References

www.se.com/us/en/download/document/SEVD-2022-221-01/

Social References

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

58.3%

JSON

Related for CVE-2022-37300