2 matches found
Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs
Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers PLCs that could allow for authentication bypass and remote code execution. The flaws, tracked as CVE-2022-45788 CVSS score: 7.5 and CVE-2022-45789 CVSS score: 8.1, are...
CVE-2022-45789
CVE-2022-45789 is a concrete vulnerability in Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, Modicon M340/M580 CPUs (and variants) where an authenticated Modbus session can be hijacked to bypass authentication and execute unauthorized Modbus functions. Root cause: CWE-...