Modicon PLC/EcoStruxure Control Improper Check, Arbitrary Execution
CVE-2022-45788 Published on January 30, 2023

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)

NVD

Vulnerability Analysis

CVE-2022-45788 is exploitable with network access and requires user interaction. This vulnerability is considered to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Weakness Type

Improper Check for Unusual or Exceptional Conditions

The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the software.


Affected Versions

Schneider Electric EcoStruxure Control Expert
Schneider Electric EcoStruxure Process Expert
Schneider Electric Modicon M340 CPU (part numbers BMXP34*)
Schneider Electric Modicon M580 CPU (part numbers BMEP* and BMEH*)
Schneider Electric Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)
Schneider Electric Modicon Momentum Unity M1E Processor (171CBU*)
Schneider Electric Modicon MC80 (BMKC80)
Schneider Electric Legacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*)

Exploit Probability

EPSS: 0.37%
Percentile: 58.44%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.