VDB
CVE-2022-34755
CVE-2022-34755
PUBLISHED
CVSS 7.5 HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.
EPSS 0.05% · 17.3th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.05%
17.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric | Modicon M580 CPU (part numbers BMEP* and BMEH*) | prior to V4.10 |
| Schneider Electric | Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) | All |
| Schneider Electric | Legacy Modicon Quantum (140CPU65*) | All |
| Schneider Electric | Modicon Momentum Unity M1E Processor (171CBU*) | All |
| Schneider Electric | Legacy Modicon Premium CPUs (TSXP57*) | All |
| Schneider Electric | Modicon M340 CPU (part numbers BMXP34*) | prior to SV3.51 |
| Schneider Electric | Modicon MC80 (BMKC80) | All |
Exploit Intelligence
Timeline
- Apr 11, 2023 CVE Published
- Apr 19, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Jul 3, 2023 EPSS Score
- Aug 9, 2023 EPSS Score
- Sep 16, 2023 EPSS Score
- Oct 23, 2023 EPSS Score
- Nov 30, 2023 EPSS Score
- Jan 6, 2024 EPSS Score
- Feb 13, 2024 EPSS Score
- Mar 21, 2024 EPSS Score
- Apr 28, 2024 EPSS Score
References
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-011-06_CODESYSV3_Runtime_Development_System_and_Gateway_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-05.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-06.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-02.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-03.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-01.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-313-05_BadAlloc_Vulnerabilities_Security_Notification.pdf advisory