Lucene search

SchneiderCVELIST:CVE-2022-24322

HistoryMar 09, 2022 - 11:05 p.m.

CVE-2022-24322

2022-03-0923:05:13

CWE-119

schneider

www.cve.org

cwe-119

modicon controller

engineering software

modbus response data

ecostruxure control expert

vulnerability

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

31.8%

JSON

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior)

CNA Affected

[
  {
    "product": "EcoStruxure Control Expert",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "V15.0 SP1 and prior"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

31.8%

JSON

Related for CVELIST:CVE-2022-24322