CVE-2022-45789 Information

Feb 01, 2023 cve

Description

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure™ Control Expert (All Versions) EcoStruxure™ Process Expert (Version V2020 & prior) Modicon M340 CPU (part numbers BMXP34) (All Versions) Modicon M580 CPU (part numbers BMEP and BMEH) (All Versions) Modicon M580 CPU Safety (part numbers BMEP58S and BMEH58S) (All Versions)

Reference

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf

Share on: