Lucene search

SchneiderCVELIST:CVE-2022-34763

HistoryJul 12, 2022 - 12:00 a.m.

CVE-2022-34763

2022-07-1200:00:00

CWE-345

schneider

www.cve.org

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

0.001 Low

EPSS

Percentile

31.9%

JSON

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

CNA Affected

[
  {
    "product": "OPC UA Modicon Communication Module",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThan": "V1.10",
        "status": "affected",
        "version": "BMENUA0100",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "X80 advanced RTU Communication Module",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThan": "BMENOR2200H*",
        "status": "affected",
        "version": "V2.01 ",
        "versionType": "custom"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules+_Security_Notification.pdf

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

0.001 Low

EPSS

Percentile

31.9%

JSON

Related for CVELIST:CVE-2022-34763