Modbus Auth Bypass in Schneider Electric EcoStruxure Control Expert
CVE-2022-45789 Published on January 31, 2023

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)

NVD

Vulnerability Analysis

CVE-2022-45789 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). Capture-replay attacks are common and can be difficult to defeat without cryptography. They are a subset of network injection attacks that rely on observing previously-sent valid commands, then changing them slightly if necessary and resending the same commands to the server.


Products Associated with CVE-2022-45789

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-45789 are published in these products:

Schneider Electric Ecostruxure Control Expert
 
Schneider Electric Ecostruxure Process Expert
 

Affected Versions

Schneider Electric EcoStruxure Control Expert : Schneider Electric EcoStruxure Process Expert: Schneider Electric Modicon M340 CPU (part numbers BMXP34*): Schneider Electric Modicon M580 CPU (part numbers BMEP* and BMEH*) : Schneider Electric Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S):

Exploit Probability

EPSS
0.06%
Percentile
19.78%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.