VDB
CVE-2022-37302
CVE-2022-37302
PUBLISHED
CVSS 5.5 MEDIUM
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control Expert(V15.1 HF001 and prior).
EPSS 0.13% · 31.9th percentile
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
0.13%
31.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| schneider-electric | ecostruxure_control_expert | 0, 15.1, 15.1 |
| Schneider Electric | EcoStruxure Control Expert | HF001 |
Exploit Intelligence
Timeline
- Aug 9, 2022 CVE Published
- Sep 14, 2022 EPSS Score
- Oct 29, 2022 EPSS Score
- Dec 13, 2022 EPSS Score
- Jan 27, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 13, 2023 EPSS Score
- Apr 27, 2023 EPSS Score
- Jun 11, 2023 EPSS Score
- Jul 26, 2023 EPSS Score
- Sep 9, 2023 EPSS Score
- Oct 24, 2023 EPSS Score
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2021-347-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SESB-2021-347-01_Apache_Log4j_Log4Shell_Vulnerabilities_Security_Notification_V14.0.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-281-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2019-281-02_Modicon_Controllers_Security_Notification_V3.0.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-221-01_EcoStruxure_Control_Expert_Modicon580_Security_Notification_V1.1.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules_Security_Notification_V3.0.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V10.0.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-221-03_EcoStruxure_Control_Expert_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-221-02_Modicon_Controllers_Security_Notification_V1.1.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2018-081-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2018-081-01_Embedded_FTP_Servers_for_Modicon_PAC_Controllers_Security_Notification_V3.0.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-222-04_Modicon_PAC_Controllers_PLC_Simulator_Control_Expert_Process_Expert_Security_Notification_V2.0.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-194-01_EcoStruxure_Control_Expert_Process_Expert_SCADAPack_RemoteConnect_Modicon_M580_M340_Security_Notifcation_V4.0.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification_V1.1.pdf advisory
- https://www.se.com/us/en/download/document/SEVD-2022-221-03/ url
- https://nvd.nist.gov/vuln/detail/CVE-2022-37302 advisory
- https://www.se.com/us/en/download/document/SEVD-2022-221-03 url