CVE-2022-24323

Published: Mar 9, 2022Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior)

Affected (4)

Products: Schneider Electric: Ecostruxure Control Expert, Ecostruxure Process Expert

Schneider Electric

2 products

Ecostruxure Control Expert

Ecostruxure Process Expert

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Ecostruxure Control Expert	Before 15.0
Schneider Electric Ecostruxure Control Expert	Version 15.0
Schneider Electric Ecostruxure Control Expert	Version 15.0 sp1
Schneider Electric Ecostruxure Process Expert	Up to 2021

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01

Source: cybersecurity@se.com

Vendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.