9.8
CVE-2022-37300
- EPSS 0.54%
- Published 12.09.2022 18:15:08
- Last modified 21.11.2024 07:14:42
- Source cybersecurity@se.com
- Teams watchlist Login
- Open Login
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).
Data is provided by the National Vulnerability Database (NVD)
Schneider-electric ≫ Ecostruxure Control Expert Version < 15.1
Schneider-electric ≫ Ecostruxure Process Expert Version <= 2021
Schneider-electric ≫ Modicon M340 Bmxp341000 Firmware Version < 3.50
Schneider-electric ≫ Modicon M340 Bmxp342000 Firmware Version < 3.50
Schneider-electric ≫ Modicon M340 Bmxp342010 Firmware Version < 3.50
Schneider-electric ≫ Modicon M340 Bmxp3420102 Firmware Version < 3.50
Schneider-electric ≫ Modicon M340 Bmxp342020 Firmware Version < 3.50
Schneider-electric ≫ Modicon M340 Bmxp342020h Firmware Version < 3.50
Schneider-electric ≫ Modicon M340 Bmxp342030 Firmware Version < 3.50
Schneider-electric ≫ Modicon M340 Bmxp3420302 Firmware Version < 3.50
Schneider-electric ≫ Modicon M340 Bmxp3420302h Firmware Version < 3.50
Schneider-electric ≫ Modicon M340 Bmxp342030h Firmware Version < 3.50
Schneider-electric ≫ Modicon M580 Bmeh582040 Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmeh582040c Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmeh582040s Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmeh584040 Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmeh584040c Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmeh584040s Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmeh586040 Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmeh586040c Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmeh586040s Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmep581020 Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmep581020h Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmep582020 Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmep582020h Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmep582040 Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmep582040h Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmep583020 Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmep583040 Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmep584020 Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmep584040 Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmep584040s Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmep585040 Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmep585040c Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmep586040 Firmware Version < 4.02
Schneider-electric ≫ Modicon M580 Bmep586040c Firmware Version < 4.02
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.54% | 0.668 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| cybersecurity@se.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-640 Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.