Lucene search

SchneiderCVELIST:CVE-2022-34762

HistoryJul 13, 2022 - 9:10 p.m.

CVE-2022-34762

2022-07-1321:10:56

CWE-22

schneider

www.cve.org

cwe-22

path traversal

firmware image loading

unauthorized access

x80

opc ua

bmenor2200h

bmenua0100

vulnerability

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

EPSS

0.001

Percentile

36.2%

JSON

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

CNA Affected

[
  {
    "product": "OPC UA Modicon Communication Module",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThan": "V1.10",
        "status": "affected",
        "version": "BMENUA0100",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "X80 advanced RTU Communication Module",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThan": "BMENOR2200H*",
        "status": "affected",
        "version": "V2.01",
        "versionType": "custom"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules+_Security_Notification.pdf

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

EPSS

0.001

Percentile

36.2%

JSON

Related for CVELIST:CVE-2022-34762