CVE-2022-45789

Published: Jan 31, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)

Affected (37)

Schneider Electric

37 products

Ecostruxure Control Expert

Ecostruxure Process Expert

Modicon M340 Bmxp341000 Firmware

Modicon M340 Bmxp342000 Firmware

Modicon M340 Bmxp342010 Firmware

Modicon M340 Bmxp3420102 Firmware

Modicon M340 Bmxp342020 Firmware

Modicon M340 Bmxp342020h Firmware

Modicon M340 Bmxp342030 Firmware

Modicon M340 Bmxp3420302 Firmware

Modicon M340 Bmxp3420302h Firmware

Modicon M340 Bmxp342030h Firmware

Modicon M580 Bmep581020 Firmware

Modicon M580 Bmep581020h Firmware

Modicon M580 Bmep582020 Firmware

Modicon M580 Bmep582020h Firmware

Modicon M580 Bmep582040 Firmware

Modicon M580 Bmep582040h Firmware

Modicon M580 Bmep582040s Firmware

Modicon M580 Bmep583020 Firmware

Modicon M580 Bmep583040 Firmware

Modicon M580 Bmep584020 Firmware

Modicon M580 Bmep584040 Firmware

Modicon M580 Bmep584040s Firmware

Modicon M580 Bmep585040 Firmware

Modicon M580 Bmep585040c Firmware

Modicon M580 Bmep586040 Firmware

Modicon M580 Bmep586040c Firmware

Modicon M580 Bmeh582040 Firmware

Modicon M580 Bmeh582040c Firmware

Modicon M580 Bmeh582040s Firmware

Modicon M580 Bmeh584040 Firmware

Modicon M580 Bmeh584040c Firmware

Modicon M580 Bmeh584040s Firmware

Modicon M580 Bmeh586040 Firmware

Modicon M580 Bmeh586040c Firmware

Modicon M580 Bmeh586040s Firmware

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Ecostruxure Control Expert	All versions
Schneider Electric Ecostruxure Process Expert	Up to 2020

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M340 Bmxp341000 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M340 Bmxp341000	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M340 Bmxp342000 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M340 Bmxp342000	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M340 Bmxp342010 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M340 Bmxp342010	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M340 Bmxp3420102 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M340 Bmxp3420102	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M340 Bmxp342020 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M340 Bmxp342020	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M340 Bmxp342020h Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M340 Bmxp342020h	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M340 Bmxp342030 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M340 Bmxp342030	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M340 Bmxp3420302 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M340 Bmxp3420302	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M340 Bmxp3420302h Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M340 Bmxp3420302h	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M340 Bmxp342030h Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M340 Bmxp342030h	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmep581020 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmep581020	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmep581020h Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmep581020h	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmep582020 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmep582020	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmep582020h Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmep582020h	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmep582040 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmep582040	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmep582040h Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmep582040h	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmep582040s Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmep582040s	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmep583020 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmep583020	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmep583040 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmep583040	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmep584020 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmep584020	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmep584040 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmep584040	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmep584040s Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmep584040s	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmep585040 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmep585040	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmep585040c Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmep585040c	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmep586040 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmep586040	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmep586040c Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmep586040c	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmeh582040 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmeh582040	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmeh582040c Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmeh582040c	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmeh582040s Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmeh582040s	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmeh584040 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmeh584040	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmeh584040c Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmeh584040c	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmeh584040s Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmeh584040s	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmeh586040 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmeh586040	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmeh586040c Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmeh586040c	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Bmeh586040s Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580 Bmeh586040s	All versions

Related CWEs

CWE-294

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf

Source: cybersecurity@se.com

PatchVendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.