CVE-2022-24323 vulnerability in Schneider Electric Products
Published on March 9, 2022
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior)
Vulnerability Analysis
CVE-2022-24323 can be exploited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Improper Check for Unusual or Exceptional Conditions
The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.
Products Associated with CVE-2022-24323
stack.watch emails you whenever new vulnerabilities are published in Schneider Electric Ecostruxure Control Expert or Schneider Electric Ecostruxure Process Expert. Just hit a watch button to start following.
Affected Versions
Schneider Electric EcoStruxure Process Expert:- Version V2021 and prior is affected.
- Version V15.0 SP1 and prior is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.