CVE-2022-45788 Information

Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure™ Control Expert (All Versions) EcoStruxure™ Process Expert (Version V2020 & prior) Modicon M340 CPU (part numbers BMXP34) (All Versions) Modicon M580 CPU (part numbers BMEP and BMEH) (All Versions) Modicon M580 CPU Safety (part numbers BMEP58S and BMEH58S) (All Versions) Modicon Momentum Unity M1E Processor (171CBU) (All Versions) Modicon MC80 (BMKC80) (All Versions) Legacy Modicon Quantum (140CPU65) and Premium CPUs (TSXP57) (All Versions)

Reference

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf