7.5
CVE-2022-37301
- EPSS 0.33%
- Veröffentlicht 22.11.2022 12:15:09
- Zuletzt bearbeitet 21.11.2024 07:14:42
- Quelle cybersecurity@se.com
- Teams Watchlist Login
- Unerledigt Login
A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Schneider-electric ≫ Modicon M340 Bmx P34-2010 Firmware Version < 3.50
Schneider-electric ≫ Modicon M340 Bmx P34-2030 Firmware Version < 3.50
Schneider-electric ≫ Modicon M580 Bmeh582040 Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmeh582040c Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmeh582040s Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmeh584040 Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmeh584040c Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmeh584040s Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmeh586040 Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmeh586040c Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmeh586040s Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmep581020 Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmep581020h Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmep582020 Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmep582020h Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmep582040 Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmep582040h Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmep582040s Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmep583020 Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmep583040 Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmep584020 Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmep584040 Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmep584040s Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmep585040 Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmep585040c Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmep586040 Firmware Version < 4.01
Schneider-electric ≫ Modicon M580 Bmep586040c Firmware Version < 4.01
Schneider-electric ≫ Modicon Mc80 Bmkc8020301 Firmware Version < 1.8
Schneider-electric ≫ Modicon Mc80 Bmkc8020310 Firmware Version < 1.8
Schneider-electric ≫ Modicon Mc80 Bmkc8030311 Firmware Version < 1.8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.55 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| cybersecurity@se.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-191 Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.