Vulnerabilites related to schneider-electric - ecostruxure_process_expert
cve-2022-45789
Vulnerability from cvelistv5
Published
2023-01-31 00:00
Modified
2025-02-05 20:07
Severity ?
EPSS score ?
Summary
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Schneider Electric | EcoStruxure Control Expert |
Version: All Versions |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:17:04.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T19:52:21.864489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:07:07.568Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Control Expert ",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Process Expert",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon M340 CPU (part numbers BMXP34*)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon M580 CPU (part numbers BMEP* and BMEH*) ",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)\u003c/p\u003e"
}
],
"value": "A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294: Authentication Bypass by Capture-Replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T13:48:11.112Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-45789",
"datePublished": "2023-01-31T00:00:00.000Z",
"dateReserved": "2022-11-22T00:00:00.000Z",
"dateUpdated": "2025-02-05T20:07:07.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6409
Vulnerability from cvelistv5
Published
2024-02-14 16:47
Modified
2024-08-02 08:28
Severity ?
EPSS score ?
Summary
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized
access to a project file protected with application password when opening the file with
EcoStruxure Control Expert.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Schneider Electric | EcoStruxure Control Expert |
Version: Versions prior to v16.0 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Control Expert",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Versions prior to v16.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Process Expert",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Versions prior to v2023"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nCWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized\naccess to a project file protected with application password when opening the file with\nEcoStruxure Control Expert.\n\n"
}
],
"value": "\nCWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized\naccess to a project file protected with application password when opening the file with\nEcoStruxure Control Expert.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T16:47:05.519Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-6409",
"datePublished": "2024-02-14T16:47:05.519Z",
"dateReserved": "2023-11-30T09:53:56.413Z",
"dateUpdated": "2024-08-02T08:28:21.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22780
Vulnerability from cvelistv5
Published
2021-07-14 14:26
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. An attacker may bypass the password protection and be able to view and modify a project file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions |
Version: EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. An attacker may bypass the password protection and be able to view and modify a project file."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-14T14:26:46",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions",
"version": {
"version_data": [
{
"version_value": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. An attacker may bypass the password protection and be able to view and modify a project file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01",
"refsource": "MISC",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22780",
"datePublished": "2021-07-14T14:26:46",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37300
Vulnerability from cvelistv5
Published
2022-09-12 17:40
Modified
2024-08-03 10:29
Severity ?
EPSS score ?
Summary
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.se.com/us/en/download/document/SEVD-2022-221-01/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Schneider Electric | EcoStruxure Control Expert |
Version: SP1 < |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:20.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Control Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "15.0",
"status": "affected",
"version": "SP1",
"versionType": "custom"
}
]
},
{
"product": "EcoStruxure Process Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "2021",
"status": "affected",
"version": "V",
"versionType": "custom"
}
]
},
{
"product": "Modicon M340 CPU",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "3.40",
"status": "affected",
"version": "BMXP34",
"versionType": "custom"
}
]
},
{
"product": "Modicon M580 CPU",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "3.20",
"status": "affected",
"version": "BMEP",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.20",
"status": "affected",
"version": "BMEH",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-12T17:40:10",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2022-37300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure Control Expert",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "SP1",
"version_value": "15.0"
}
]
}
},
{
"product_name": "EcoStruxure Process Expert",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "V",
"version_value": "2021"
}
]
}
},
{
"product_name": "Modicon M340 CPU",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "BMXP34",
"version_value": "3.40"
}
]
}
},
{
"product_name": "Modicon M580 CPU",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "BMEP",
"version_value": "3.20"
},
{
"version_affected": "\u003c=",
"version_name": "BMEH",
"version_value": "3.20"
}
]
}
}
]
},
"vendor_name": "Schneider Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/",
"refsource": "MISC",
"url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-37300",
"datePublished": "2022-09-12T17:40:10",
"dateReserved": "2022-08-01T00:00:00",
"dateUpdated": "2024-08-03T10:29:20.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-27975
Vulnerability from cvelistv5
Published
2024-02-14 16:55
Modified
2024-08-02 12:23
Severity ?
EPSS score ?
Summary
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized
access to the project file in EcoStruxure Control Expert when a local user tampers with the
memory of the engineering workstation.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Schneider Electric | EcoStruxure Control Expert |
Version: Versions prior to v16.0 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T20:31:05.372971Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:48.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Control Expert",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Versions prior to v16.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Process Expert",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Versions prior to v2023"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nCWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized\naccess to the project file in EcoStruxure Control Expert when a local user tampers with the\nmemory of the engineering workstation.\n\n"
}
],
"value": "\nCWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized\naccess to the project file in EcoStruxure Control Expert when a local user tampers with the\nmemory of the engineering workstation.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T16:55:41.495Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-27975",
"datePublished": "2024-02-14T16:55:41.495Z",
"dateReserved": "2023-03-09T05:25:56.973Z",
"dateUpdated": "2024-08-02T12:23:30.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-24323
Vulnerability from cvelistv5
Published
2022-03-09 23:05
Modified
2024-08-03 04:07
Severity ?
EPSS score ?
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior)
References
| ▼ | URL | Tags |
|---|---|---|
| https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Schneider Electric | EcoStruxure Process Expert |
Version: V2021 and prior |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Process Expert",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V2021 and prior"
}
]
},
{
"product": "EcoStruxure Control Expert",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V15.0 SP1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T23:05:14",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2022-24323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure Process Expert",
"version": {
"version_data": [
{
"version_name": "V2021",
"version_value": "and prior"
}
]
}
},
{
"product_name": "EcoStruxure Control Expert",
"version": {
"version_data": [
{
"version_name": "V15.0 SP1",
"version_value": "and prior"
}
]
}
}
]
},
"vendor_name": "Schneider Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior)"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-24323",
"datePublished": "2022-03-09T23:05:14",
"dateReserved": "2022-02-02T00:00:00",
"dateUpdated": "2024-08-03T04:07:02.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22782
Vulnerability from cvelistv5
Published
2021-07-14 14:26
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions |
Version: EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311: Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-14T14:26:56",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions",
"version": {
"version_data": [
{
"version_value": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311: Missing Encryption of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01",
"refsource": "MISC",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22782",
"datePublished": "2021-07-14T14:26:56",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22781
Vulnerability from cvelistv5
Published
2021-07-14 14:26
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions |
Version: EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-14T14:26:51",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions",
"version": {
"version_data": [
{
"version_value": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01",
"refsource": "MISC",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22781",
"datePublished": "2021-07-14T14:26:51",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22778
Vulnerability from cvelistv5
Published
2021-07-14 14:26
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions |
Version: EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-14T14:26:35",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions",
"version": {
"version_data": [
{
"version_value": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01",
"refsource": "MISC",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22778",
"datePublished": "2021-07-14T14:26:35",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22779
Vulnerability from cvelistv5
Published
2021-07-14 14:26
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller.
References
| ▼ | URL | Tags |
|---|---|---|
| http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*) |
Version: EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-14T14:26:41",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290: Authentication Bypass by Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01",
"refsource": "MISC",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22779",
"datePublished": "2021-07-14T14:26:41",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-45788
Vulnerability from cvelistv5
Published
2023-01-30 00:00
Modified
2025-02-05 20:07
Severity ?
EPSS score ?
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Schneider Electric | EcoStruxure Control Expert |
Version: All Versions |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:17:04.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T19:52:24.602959Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:07:14.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Control Expert ",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Process Expert",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon M340 CPU (part numbers BMXP34*)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon M580 CPU (part numbers BMEP* and BMEH*) ",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon Momentum Unity M1E Processor (171CBU*)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon MC80 (BMKC80)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Legacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality \u0026amp; integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)\u003c/p\u003e"
}
],
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality \u0026 integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T13:43:07.202Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-45788",
"datePublished": "2023-01-30T00:00:00.000Z",
"dateReserved": "2022-11-22T00:00:00.000Z",
"dateUpdated": "2025-02-05T20:07:14.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22797
Vulnerability from cvelistv5
Published
2022-03-28 16:25
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2021-257-01/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Schneider Electric | EcoStruxure Control Expert |
Version: unspecified < V15.0 SP1 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Control Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V15.0 SP1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "EcoStruxure Process Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "2020",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "SCADAPack RemoteConnect for x70",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T15:45:24",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-01/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure Control Expert",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "V15.0 SP1"
}
]
}
},
{
"product_name": "EcoStruxure Process Expert",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2020"
}
]
}
},
{
"product_name": "SCADAPack RemoteConnect for x70",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Schneider Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2021-257-01/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-01/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22797",
"datePublished": "2022-03-28T16:25:24",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6408
Vulnerability from cvelistv5
Published
2024-02-14 16:52
Modified
2024-08-02 08:28
Severity ?
EPSS score ?
Summary
CWE-924: Improper Enforcement of Message Integrity During Transmission in a
Communication Channel vulnerability exists that could cause a denial of service and loss of
confidentiality, integrity of controllers when conducting a Man in the Middle attack.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Schneider Electric | Modicon M340 CPU (part numbers BMXP34*) |
Version: Versions prior to sv3.60 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modicon_m580_bmep585040_firmware",
"vendor": "schneider-electric",
"versions": [
{
"lessThan": "4.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000h_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modicon_m340_bmxp342030h_firmware",
"vendor": "schneider-electric",
"versions": [
{
"lessThan": "3.60",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modicon_m580_bmeh586040s_firmware",
"vendor": "schneider-electric",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T19:15:41.696437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T19:36:47.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Modicon M340 CPU (part numbers BMXP34*)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Versions prior to sv3.60"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Versions prior to sv4.20"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Control Expert",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Versions prior to v16.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Process Expert",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Versions prior to v2023"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nCWE-924: Improper Enforcement of Message Integrity During Transmission in a\nCommunication Channel vulnerability exists that could cause a denial of service and loss of\nconfidentiality, integrity of controllers when conducting a Man in the Middle attack.\n\n"
}
],
"value": "\nCWE-924: Improper Enforcement of Message Integrity During Transmission in a\nCommunication Channel vulnerability exists that could cause a denial of service and loss of\nconfidentiality, integrity of controllers when conducting a Man in the Middle attack.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-924",
"description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T16:52:24.805Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-6408",
"datePublished": "2024-02-14T16:52:24.805Z",
"dateReserved": "2023-11-30T09:52:30.945Z",
"dateUpdated": "2024-08-02T08:28:21.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26507
Vulnerability from cvelistv5
Published
2022-04-14 12:04
Modified
2024-08-03 05:03
Severity ?
EPSS score ?
Summary
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
| ▼ | URL | Tags |
|---|---|---|
| https://Claroty.com | x_refsource_MISC | |
| https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-02 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://Claroty.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT\u0026T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-14T12:04:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://Claroty.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-02"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT\u0026T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://Claroty.com",
"refsource": "MISC",
"url": "https://Claroty.com"
},
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-02",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26507",
"datePublished": "2022-04-14T12:04:26",
"dateReserved": "2022-03-06T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-07-14 15:15
Modified
2024-11-21 05:50
Severity ?
Summary
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | ecostruxure_control_expert | * | |
| schneider-electric | ecostruxure_control_expert | 15.0 | |
| schneider-electric | ecostruxure_process_expert | * | |
| schneider-electric | remoteconnect | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43140BF9-455B-4E3C-BF5E-BB9BBF9802D2",
"versionEndExcluding": "15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A9BF2D84-901E-4D34-941F-FFAB85B0E9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD97669F-93D5-42C4-BFC4-1993867F5911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:remoteconnect:*:*:*:*:*:*:scadapack_x70:*",
"matchCriteriaId": "2D7E0B75-171E-4A73-B722-13473CE1B9D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de credenciales insuficientemente protegidas en EcoStruxure Control Expert (todas las versiones anteriores a V15.0 SP1, incluidas todas las versiones de Unity Pro), EcoStruxure Process Expert (todas las versiones, incluidas todas las versiones de EcoStruxure Hybrid DCS) y SCADAPack RemoteConnect for x70, todas las versiones, que podr\u00eda causar una filtraci\u00f3n de credenciales SMTP usadas para la autenticaci\u00f3n del buz\u00f3n cuando un atacante puede acceder a un archivo de proyecto"
}
],
"id": "CVE-2021-22781",
"lastModified": "2024-11-21T05:50:39.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-14T15:15:08.377",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-31 06:15
Modified
2024-11-21 07:29
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18E8CCC1-A467-4FEF-964D-8481EAE892EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA266030-8BF1-4E8C-BBA0-EC80FBF254C6",
"versionEndIncluding": "2020",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8152BD1B-DB69-4BD0-9DD3-79FC059319B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "104B7AFC-D948-4D3D-90D2-E963371F4392",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7B5B28-99F5-4A94-9D65-204943941047",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D82E3FB5-B40B-4688-86C9-840E17DD32DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F582E2C-D562-44F6-823F-73DEFA3604EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C747D719-51A2-44F5-B940-89D84437DA95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE8D065-BC68-4BE5-972E-2CC2CABA4B9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34CC8BAD-3D4F-4DAD-B8CE-09D0BF4A5E11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D6A3F91-28AA-42EE-8C28-0B5E6D9ACA53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C14A07B-E938-43A8-A2AA-65DBEF92AF47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8522888D-3AE6-4199-9CC1-7866DFB467C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9608E7-C9B5-4945-9609-690231DB1B5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49646E6C-381F-495B-A5E8-8F522571D4AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F472ED1-8FE6-43BC-A4FF-E956D17ED427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1315A8-FDEE-487F-BA66-A99745783911",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F543A095-B798-4C5B-A2B6-DF893191EAC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71823B23-C4E6-40EC-AC9C-2EABFDAFE498",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDD13AD-681C-4C7D-82D5-3017FB3BE852",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B782A209-0612-4CA1-8438-6653D75F452C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43B3DF32-480E-4CE1-9396-B33CD5F63A22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA09FB51-0FDC-4457-8ED6-A963CAB97DF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C82569-7D6C-4FD9-B5BB-2E9576FDFB0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DC98F7D-BDCC-4CF1-BA80-55EA68C5DDB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7741EA-7955-4FC6-BE64-23EFBB0E3DC6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "252FA576-D00F-4BF2-871D-291D209B443C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2786E51E-B042-4DEF-98CE-C46F381D468C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9E6C74-FAEE-49D3-807B-7F8416C12725",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B182E938-6B50-4F3A-BAF6-AD2637E31E43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C610F17-FD8F-425E-A169-47EA7E6E8A0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "355FFF2A-2B69-4340-AC49-257C0DC63B70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "777E63F4-CC75-4D68-98CC-896C58EBDD5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0ACFD6-D1EE-4C25-A307-2E3FB67F4A20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB46DD56-7A06-428C-97CB-E01C22BC8214",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29482B31-563A-4931-B11E-FDE86F87F25E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D261663-D224-4C92-A3F4-3509CAA78A36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C6737F3-F881-4BDC-A4F4-F6F08B88EC1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBCF494-DC4C-4567-A5C8-2C8D93BAF289",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad CWE-294: Omisi\u00f3n de autenticaci\u00f3n mediante captura-reproducci\u00f3n que podr\u00eda provocar la ejecuci\u00f3n de funciones Modbus no autorizadas en el controlador al secuestrar una sesi\u00f3n Modbus autenticada. Productos afectados: EcoStruxure Control Expert (todas las versiones), EcoStruxure Process Expert (todas las versiones), CPU Modicon M340 - n\u00fameros de pieza BMXP34* (todas las versiones), CPU Modicon M580 - n\u00fameros de pieza BMEP* y BMEH* (todas las versiones), Modicon M580 Seguridad de la CPU: n\u00fameros de pieza BMEP58*S y BMEH58*S (todas las versiones)"
}
],
"id": "CVE-2022-45789",
"lastModified": "2024-11-21T07:29:43.287",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-31T06:15:07.920",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-294"
}
],
"source": "cybersecurity@se.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 17:15
Modified
2024-12-11 19:33
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized
access to the project file in EcoStruxure Control Expert when a local user tampers with the
memory of the engineering workstation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | ecostruxure_control_expert | * | |
| schneider-electric | ecostruxure_process_expert | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF68269-FEB0-41F0-9127-965AA4ADCC91",
"versionEndExcluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8022AED-42C4-42F5-A30A-45F157D71CA9",
"versionEndExcluding": "2023",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nCWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized\naccess to the project file in EcoStruxure Control Expert when a local user tampers with the\nmemory of the engineering workstation.\n\n"
},
{
"lang": "es",
"value": "CWE-522: Existe una vulnerabilidad de credenciales insuficientemente protegidas que podr\u00eda provocar un acceso no autorizado al archivo del proyecto en EcoStruxure Control Expert cuando un usuario local manipula la memoria de la estaci\u00f3n de trabajo de ingenier\u00eda."
}
],
"id": "CVE-2023-27975",
"lastModified": "2024-12-11T19:33:27.327",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T17:15:08.700",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "cybersecurity@se.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-14 15:15
Modified
2024-11-21 05:50
Severity ?
Summary
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43140BF9-455B-4E3C-BF5E-BB9BBF9802D2",
"versionEndExcluding": "15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A9BF2D84-901E-4D34-941F-FFAB85B0E9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "939C02B6-B5C5-4F87-8179-4AFFE13FCFD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD97669F-93D5-42C4-BFC4-1993867F5911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:remoteconnect:*:*:*:*:*:*:scadapack_x70:*",
"matchCriteriaId": "2D7E0B75-171E-4A73-B722-13473CE1B9D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49646E6C-381F-495B-A5E8-8F522571D4AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F472ED1-8FE6-43BC-A4FF-E956D17ED427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1315A8-FDEE-487F-BA66-A99745783911",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F543A095-B798-4C5B-A2B6-DF893191EAC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71823B23-C4E6-40EC-AC9C-2EABFDAFE498",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDD13AD-681C-4C7D-82D5-3017FB3BE852",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B782A209-0612-4CA1-8438-6653D75F452C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43B3DF32-480E-4CE1-9396-B33CD5F63A22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA09FB51-0FDC-4457-8ED6-A963CAB97DF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C82569-7D6C-4FD9-B5BB-2E9576FDFB0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DC98F7D-BDCC-4CF1-BA80-55EA68C5DDB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7741EA-7955-4FC6-BE64-23EFBB0E3DC6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "252FA576-D00F-4BF2-871D-291D209B443C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2786E51E-B042-4DEF-98CE-C46F381D468C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9E6C74-FAEE-49D3-807B-7F8416C12725",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B182E938-6B50-4F3A-BAF6-AD2637E31E43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C610F17-FD8F-425E-A169-47EA7E6E8A0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "355FFF2A-2B69-4340-AC49-257C0DC63B70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "777E63F4-CC75-4D68-98CC-896C58EBDD5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0ACFD6-D1EE-4C25-A307-2E3FB67F4A20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB46DD56-7A06-428C-97CB-E01C22BC8214",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29482B31-563A-4931-B11E-FDE86F87F25E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D261663-D224-4C92-A3F4-3509CAA78A36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C6737F3-F881-4BDC-A4F4-F6F08B88EC1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBCF494-DC4C-4567-A5C8-2C8D93BAF289",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8152BD1B-DB69-4BD0-9DD3-79FC059319B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4A2D03-6D4E-4ED9-A0CE-3DD681CB6E9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "833B2455-5D39-4457-9D6F-0CD738A2EB02",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C747D719-51A2-44F5-B940-89D84437DA95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34CC8BAD-3D4F-4DAD-B8CE-09D0BF4A5E11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de Omisi\u00f3n de Autenticaci\u00f3n por Spoofing en EcoStruxure Control Expert (todas las versiones anteriores a V15.0 SP1, incluyendo todas las versiones de Unity Pro), EcoStruxure Control Expert versi\u00f3n V15.0 SP1, EcoStruxure Process Expert (todas las versiones, incluyendo todas las versiones de EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (todas las versiones), Modicon M580 CPU (todas las versiones - n\u00fameros de parte BMEP* y BMEH*), Modicon M340 CPU (todas las versiones - n\u00fameros de parte BMXP34*), que podr\u00eda causar un acceso no autorizado en modo de lectura y escritura al controlador mediante el spoofing de la comunicaci\u00f3n Modbus entre el software de ingenier\u00eda y el controlador"
}
],
"id": "CVE-2021-22779",
"lastModified": "2024-11-21T05:50:38.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-14T15:15:08.240",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "cybersecurity@se.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-14 15:15
Modified
2024-11-21 05:50
Severity ?
Summary
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. An attacker may bypass the password protection and be able to view and modify a project file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | ecostruxure_control_expert | * | |
| schneider-electric | ecostruxure_control_expert | 15.0 | |
| schneider-electric | ecostruxure_process_expert | * | |
| schneider-electric | remoteconnect | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43140BF9-455B-4E3C-BF5E-BB9BBF9802D2",
"versionEndExcluding": "15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A9BF2D84-901E-4D34-941F-FFAB85B0E9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD97669F-93D5-42C4-BFC4-1993867F5911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:remoteconnect:*:*:*:*:*:*:scadapack_x70:*",
"matchCriteriaId": "2D7E0B75-171E-4A73-B722-13473CE1B9D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. An attacker may bypass the password protection and be able to view and modify a project file."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de Credenciales Insuficientemente Protegidas en EcoStruxure Control Expert (todas las versiones anteriores a V15.0 SP1, incluyendo todas las versiones de Unity Pro), EcoStruxure Process Expert (todas las versiones, incluyendo todas las versiones de EcoStruxure Hybrid DCS), y SCADAPack RemoteConnect for x70, todas las versiones, que podr\u00eda causar un acceso no autorizado a un archivo de proyecto protegido por una contrase\u00f1a cuando este archivo se comparte con fuentes no confiables. Un atacante podr\u00eda omitir la protecci\u00f3n por contrase\u00f1a y ser capaz de visualizar y modificar un archivo de proyecto"
}
],
"id": "CVE-2021-22780",
"lastModified": "2024-11-21T05:50:39.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-14T15:15:08.307",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "cybersecurity@se.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-30 13:15
Modified
2024-11-21 07:29
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18E8CCC1-A467-4FEF-964D-8481EAE892EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB4A9EC-96A2-424D-A858-162E662EBEFB",
"versionEndExcluding": "2021",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EC4B64B-CF0F-46CE-91FB-6A320F83B190",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64041ACC-0BF1-45F7-B1AB-6C836BD606BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7B5B28-99F5-4A94-9D65-204943941047",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "833B2455-5D39-4457-9D6F-0CD738A2EB02",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D597D553-9E36-453A-8C82-FCBB38E6DE49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B88FC3-8FD3-4A2F-A2F0-BE6E29CB7D4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86AA8980-5D94-4B49-858C-E24290AE8D36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90674B8F-C4BD-46AF-A86D-A01531074FB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8EA70F-DD0C-4835-AA65-2B826807756B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3E85D90-A4B8-46B9-B654-84CD68FCF658",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBDA1A8F-6AAF-4D09-9DB4-FACAB918963C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9608E7-C9B5-4945-9609-690231DB1B5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F86533A-406B-4910-B7D2-B378E8872756",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47004801-3437-4484-AD19-6CC304783744",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF50AC83-B422-4B6A-99B2-03A8DA8D191D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC42A466-5909-4D9B-B243-D86C7AFC0141",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F30A43E-77DB-4015-BCB9-8C491642C51D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B78759C-F64C-404D-B161-7A27721B9661",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "832C2EFD-1D6F-4229-B17D-E94F64E8AC35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC9304A-6730-41FA-86D8-900661D66A1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59504A45-62E8-4C7B-AE03-2C0E8BBF1534",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FFCF8C-AD13-4505-857A-D7948C83E509",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "355F55BE-861F-46B1-9B8F-B9081984E087",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8053B00-018B-4350-A51C-609F45BD158E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3497D351-5CF2-42DB-82E0-BCA418998EB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA3EED4-A7A9-4F7C-9B82-BCC21350DEC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4742CA0B-D062-4A75-AB60-4E11043F741D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F44EA1CC-2DF4-496E-A892-E47E94861B45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CFF8FE-21DE-4F9F-9FEA-4EB5184C3353",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03E33BBC-D1C1-482D-A4E3-093BED191EC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1AD7B8-8F43-4B58-986E-ECBEFE514CC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31E97992-1012-4848-B3A5-54642B365B78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A80A200E-2DC9-4FE8-A685-22DC6F8333A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F2213C-CB04-4A45-BA1E-CD8FC89BB294",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D69E5723-590F-4CF6-8C13-9565EAB2522A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B17D236-B8E5-4340-94BB-0B68B6F76255",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8A9E71-0828-4438-8531-D7C577C63BC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_171cbu78090_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B26E867-5C0E-413E-B733-6865347C2140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B765DF6-1D0A-4191-9AD7-250A7EB691BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_171cbu98090_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA5F1B5-FEC3-458B-B411-AC19E90E2973",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67152082-E085-4111-98BA-6E9EF14ADB91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_171cbu98091_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49247DB1-4B53-480B-B7BB-A0E37613E3D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD68FC34-691B-406E-A59D-2596215AE314",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8020301_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83AFD695-E028-405A-B6CE-4AEAD55B676F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62B3CEFA-BCF8-4305-B81A-980AA1352515",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8020310_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF5C51E-658E-497E-AF66-531C6337D8C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C1A9EE4-9564-45F6-8CF8-1A820E469B41",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8030311_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DF7857-E543-46E4-AFC3-585BEA9E5B21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:-:*:*:*:*:*:*:*",
"matchCriteriaId": "026D5E27-E50D-4614-A3EB-C54150C85572",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65150_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF686D3D-B614-41D1-A023-3DA76B296601",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E3446A5-69F7-4270-93E2-CD5614970698",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65150c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "520D0A9C-ACC9-4FDD-93F5-DD807BA3C4DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08FE0C5D-3132-48AD-92EB-B7C4277C1FAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65160_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1BF8361-6FA9-46A1-93B3-3CC269935F50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD3F1B7C-7972-463E-930E-F359A402DAF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65160c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B77E0F-CC13-42B6-AF46-556FB02BA4CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9D2D4D-558B-424E-AB04-429C83F06DB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_1634m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D930A5-787A-48FD-BFA2-4D1BC70C9224",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_1634m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB98E7F1-DD61-47F5-A6BB-18D75FDFAB70",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_2634m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80937C5F-5962-46D3-8BA2-1650CAC6DC0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2634m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39E46898-7206-45C1-9A93-729B5905EF38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_2834m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "695475B9-A4A4-4218-8D21-71797A0F1F10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2834m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C97A89AF-103A-4D2A-9EAF-42CEC88A2BCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_454m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B787E978-0842-4385-9ADD-6CA947A6F697",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_454m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32B611B6-1138-40DF-848A-A4A10E1DB0F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_4634m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1788D10E-11FB-4EF1-9B57-89A2EF3A4576",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_4634m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF901CCB-1BC4-4EDA-A3D7-ED7523128EAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_554m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C613326A-E313-4B3F-ADF7-128B3A904422",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_554m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4479C318-EE74-4338-B172-EC13D4D62246",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_5634m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC92C16-6212-4D20-B478-98D538C2FCCF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_5634m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98A25B72-B3A9-4717-8AA9-B164226DF9D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_6634m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72F0A61F-37A4-43C9-BC78-296C9AF08341",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_6634m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "889E9E8B-688E-420E-9A99-AB64BA7ABCDC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality \u0026 integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad CWE-754: Comprobaci\u00f3n inadecuada de condiciones inusuales o excepcionales que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario, denegaci\u00f3n de servicio y p\u00e9rdida de confidencialidad y seguridad. integridad cuando se carga un archivo de proyecto malicioso en el controlador. Productos afectados: EcoStruxure Control Expert (todas las versiones), EcoStruxure Process Expert (todas las versiones), CPU Modicon M340 - n\u00fameros de pieza BMXP34* (todas las versiones), CPU Modicon M580 - n\u00fameros de pieza BMEP* y BMEH* (todas las versiones), Modicon M580 Seguridad de la CPU: n\u00fameros de pieza BMEP58*S y BMEH58*S (todas las versiones), procesador Modicon Momentum Unity M1E - 171CBU* (todas las versiones), Modicon MC80 - BMKC80 (todas las versiones), Modicon Quantum heredado - 140CPU65* y CPU Premium - TSXP57 * (Todas las versiones)"
}
],
"id": "CVE-2022-45788",
"lastModified": "2024-11-21T07:29:43.093",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-30T13:15:09.310",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "cybersecurity@se.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-14 15:15
Modified
2024-11-21 05:50
Severity ?
Summary
Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | ecostruxure_control_expert | * | |
| schneider-electric | ecostruxure_control_expert | 15.0 | |
| schneider-electric | ecostruxure_process_expert | * | |
| schneider-electric | remoteconnect | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43140BF9-455B-4E3C-BF5E-BB9BBF9802D2",
"versionEndExcluding": "15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A9BF2D84-901E-4D34-941F-FFAB85B0E9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD97669F-93D5-42C4-BFC4-1993867F5911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:remoteconnect:*:*:*:*:*:*:scadapack_x70:*",
"matchCriteriaId": "2D7E0B75-171E-4A73-B722-13473CE1B9D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de falta de encriptaci\u00f3n de datos confidenciales en EcoStruxure Control Expert (todas las versiones anteriores a V15.0 SP1, incluyendo todas las versiones de Unity Pro), EcoStruxure Process Expert (todas las versiones, incluyendo todas las versiones de EcoStruxure Hybrid DCS), y SCADAPack RemoteConnect for x70, todas las versiones, que podr\u00eda causar una filtraci\u00f3n de informaci\u00f3n permitiendo la divulgaci\u00f3n de informaci\u00f3n de red y de proceso, credenciales o propiedad intelectual cuando un atacante puede acceder a un archivo de proyecto"
}
],
"id": "CVE-2021-22782",
"lastModified": "2024-11-21T05:50:39.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-14T15:15:08.447",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "cybersecurity@se.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-12 18:15
Modified
2024-11-21 07:14
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cybersecurity@se.com | https://www.se.com/us/en/download/document/SEVD-2022-221-01/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.se.com/us/en/download/document/SEVD-2022-221-01/ | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DCC0C29-32C2-4463-B98F-AB4B56FF5314",
"versionEndExcluding": "15.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E122BBC5-DF05-4449-826A-070B128D8BBE",
"versionEndIncluding": "2021",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB94CE0B-D2AE-4AD5-9BB3-FF73F3F081F0",
"versionEndExcluding": "3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8E4C660-7603-47D4-A0E4-D8755B1C84CC",
"versionEndExcluding": "3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0594267D-0107-4E43-A783-7C557779E944",
"versionEndExcluding": "3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "833B2455-5D39-4457-9D6F-0CD738A2EB02",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C75AF4-DB31-491B-8635-E7E0E3614476",
"versionEndExcluding": "3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6360DC2-1801-412F-867A-D8C62BC0E2A4",
"versionEndExcluding": "3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C34A2C5B-731C-4809-9FE8-3D897AD9A3F8",
"versionEndExcluding": "3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "708E8DA4-1D49-4B68-A626-8E936C054B33",
"versionEndExcluding": "3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "769B8B46-3965-43C0-8049-A6D786E82FAB",
"versionEndExcluding": "3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB5579A-5AB3-40CD-9C22-96207696BB32",
"versionEndExcluding": "3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFFEE13B-685A-4590-839D-A32A98D4C012",
"versionEndExcluding": "3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9608E7-C9B5-4945-9609-690231DB1B5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "745D3106-80E9-4350-9C79-E4B9FA77D775",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35661AEB-E386-4574-86A2-D2BEC19D9B5A",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B740450-E707-4464-B60B-22C70FC40ECD",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "630B4FCE-4284-49C1-898E-E6ADFE174E9B",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A727FEA3-40BC-45A3-9D0B-7FF12A914140",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8219A561-CDE9-4385-AB16-805CB74A8DCD",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1C426D-B67A-4D5A-9494-3F7B184660AD",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCCA3AEB-E10A-4F26-B430-7BA4D49678EE",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065FFEE6-138C-4865-BBDF-64A482F51DD2",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0D3F3C-2A1F-4B90-8DA7-815715271F8C",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4FFDB6-F5B3-4CD8-874F-37D7E4F2571B",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48AB766B-EAFE-48C1-911D-F60466F446DF",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B27484B-E321-4026-8C66-12AFFEFB6100",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1831C033-653A-44A8-969A-D7D9D21AF1FC",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C27E0382-FE2F-4FE0-BDF5-295C8C7AECC9",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A26483B-944A-4A95-A54C-3A8CB95C33F7",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69AB6BD3-D791-468C-A0DC-D62C2D07A970",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "482E022D-F08C-487F-AA42-AB199A6456B3",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6990D04-52CE-4B58-A711-CB4612B2EE53",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F817C7DD-DCB3-4696-8D1A-CE94E097EA28",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C963704-2DE5-4C6A-9678-E4EEAA06C535",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88A1D080-7D0E-4094-811C-CF5252FB36BF",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8708E15-0E65-420C-B7FF-34DD22C24CDE",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "636EA58C-6310-403E-BB20-74491651EF73",
"versionEndExcluding": "4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior)."
},
{
"lang": "es",
"value": "Una CWE-640: Se presenta una vulnerabilidad de Mecanismo de Recuperaci\u00f3n de Contrase\u00f1as D\u00e9biles para Contrase\u00f1as Olvidadas que podr\u00eda causar un acceso no autorizado en modo de lectura y escritura al controlador cuando es comunicado a trav\u00e9s de Modbus. Productos afectados: EcoStruxure Control Expert, incluidas todas las versiones de Unity Pro (antiguo nombre de EcoStruxure Control Expert) (V15.0 SP1 y anteriores), EcoStruxure Process Expert, incluidas todas las versiones de EcoStruxure Hybrid DCS (antiguo nombre de EcoStruxure Process Expert) (V2021 y anteriores), Modicon M340 CPU (n\u00fameros de pieza BMXP34*) (V3.40 y anteriores), Modicon M580 CPU (n\u00fameros de pieza BMEP* y BMEH*) (V3.20 y anteriores)"
}
],
"id": "CVE-2022-37300",
"lastModified": "2024-11-21T07:14:42.543",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-12T18:15:08.980",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-640"
}
],
"source": "cybersecurity@se.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-14 15:15
Modified
2024-11-21 05:50
Severity ?
Summary
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | ecostruxure_control_expert | * | |
| schneider-electric | ecostruxure_control_expert | 15.0 | |
| schneider-electric | ecostruxure_process_expert | * | |
| schneider-electric | remoteconnect | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43140BF9-455B-4E3C-BF5E-BB9BBF9802D2",
"versionEndExcluding": "15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A9BF2D84-901E-4D34-941F-FFAB85B0E9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD97669F-93D5-42C4-BFC4-1993867F5911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:remoteconnect:*:*:*:*:*:*:scadapack_x70:*",
"matchCriteriaId": "2D7E0B75-171E-4A73-B722-13473CE1B9D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de credenciales insuficientemente protegidas en EcoStruxure Control Expert (todas las versiones anteriores a V15.0 SP1, incluy\u00e9ndo todas las versiones de Unity Pro), EcoStruxure Process Expert (todas las versiones, incluy\u00e9ndo todas las versiones de EcoStruxure Hybrid DCS) y SCADAPack RemoteConnect for x70, todas las versiones, que podr\u00eda causar una lectura o modificaci\u00f3n de bloques de funci\u00f3n derivados protegidos por parte de usuarios no autorizados cuando se accede a un archivo de proyecto"
}
],
"id": "CVE-2021-22778",
"lastModified": "2024-11-21T05:50:38.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-14T15:15:08.173",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "cybersecurity@se.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-14 13:15
Modified
2024-11-21 06:54
Severity ?
Summary
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://Claroty.com | Not Applicable, Third Party Advisory | |
| cve@mitre.org | https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-02 | Mitigation, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://Claroty.com | Not Applicable, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-02 | Mitigation, Release Notes, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:att:xmill:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC987F6-AAFA-4CDE-842D-EA7858A3E7F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DCC0C29-32C2-4463-B98F-AB4B56FF5314",
"versionEndExcluding": "15.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.1:-:*:*:*:*:*:*",
"matchCriteriaId": "78F6B1CC-488B-48E8-B96B-77A1894E9E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB4A9EC-96A2-424D-A858-162E662EBEFB",
"versionEndExcluding": "2021",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:remoteconnect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FFDF36B-30A5-4B35-956C-60DC15CE7EE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:scadapack_470:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F51A7887-4F1A-428C-9E68-260E7262A678",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:scadapack_474:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58BACC54-6609-4DCE-AEEC-A9C2396635A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:scadapack_570:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFDF44F3-2514-4CB0-A1A4-87123225B0F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:scadapack_574:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F5CDC99-C4C8-43FE-8EA7-65C7EDFD9BA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:scadapack_575:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE4172DF-94E3-4AEE-8D6B-9F48DC453B9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT\u0026T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Se presenta un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en XML Decompression DecodeTreeBlock en AT\u0026amp;T Labs Xmill versi\u00f3n 0.7. Un archivo de entrada dise\u00f1ado puede conllevar a una ejecuci\u00f3n de c\u00f3digo remota. Esto no es lo mismo que cualquiera de: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, o CVE-2021-21830. NOTA: Esta vulnerabilidad s\u00f3lo afecta a productos que ya no son soportados por el mantenedor"
}
],
"id": "CVE-2022-26507",
"lastModified": "2024-11-21T06:54:04.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-14T13:15:11.637",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://Claroty.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Release Notes",
"Third Party Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://Claroty.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Release Notes",
"Third Party Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-09 23:15
Modified
2024-11-21 06:50
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | ecostruxure_control_expert | * | |
| schneider-electric | ecostruxure_control_expert | 15.0 | |
| schneider-electric | ecostruxure_control_expert | 15.0 | |
| schneider-electric | ecostruxure_process_expert | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43140BF9-455B-4E3C-BF5E-BB9BBF9802D2",
"versionEndExcluding": "15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A9BF2D84-901E-4D34-941F-FFAB85B0E9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "939C02B6-B5C5-4F87-8179-4AFFE13FCFD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E122BBC5-DF05-4449-826A-070B128D8BBE",
"versionEndIncluding": "2021",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior)"
},
{
"lang": "es",
"value": "Una CWE-754: Se presenta una vulnerabilidad de Comprobaci\u00f3n Inapropiada de Condiciones no Usuales o Excepcionales que podr\u00eda causar una interrupci\u00f3n de la comunicaci\u00f3n entre el controlador Modicon y el software de ingenier\u00eda, cuando un atacante es capaz de interceptar y manipular datos de respuesta Modbus espec\u00edficos. Producto afectado: EcoStruxure Process Expert (versiones V2021 y anteriores), EcoStruxure Control Expert (versiones V15.0 SP1 y anteriores)"
}
],
"id": "CVE-2022-24323",
"lastModified": "2024-11-21T06:50:10.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-09T23:15:07.923",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 17:15
Modified
2025-01-23 19:39
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
CWE-924: Improper Enforcement of Message Integrity During Transmission in a
Communication Channel vulnerability exists that could cause a denial of service and loss of
confidentiality, integrity of controllers when conducting a Man in the Middle attack.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66A41729-8AC9-44CE-8447-B9E243E4CA7E",
"versionEndExcluding": "3.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B721B3D-6ADC-4CDE-BA59-5D39F7D0D624",
"versionEndExcluding": "3.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69222495-4F18-434E-B86C-F63C5A2C1242",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "189E442E-73FA-44B4-9E4F-6167FD095D39",
"versionEndExcluding": "3.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD51E43-1E3C-4694-A540-9CD5547EC60C",
"versionEndExcluding": "3.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "833B2455-5D39-4457-9D6F-0CD738A2EB02",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD1BAE8E-B799-4BA1-8860-AA89F72DBCA3",
"versionEndExcluding": "3.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB57B387-58F4-4D44-883D-82C29F06F300",
"versionEndExcluding": "3.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D30336F0-EDCF-486C-B52E-D0C53BCDFC65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3FF83D-6638-4627-B076-14431E931CDB",
"versionEndExcluding": "3.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CB38392-4EF2-435B-BAD2-6EF089381716",
"versionEndExcluding": "3.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4157F72-10ED-47A0-A90C-39D436302B66",
"versionEndExcluding": "3.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31CFFD7F-F459-476C-A984-70D5799D1772",
"versionEndExcluding": "3.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC7DD20-F35D-4329-A4C5-27C67611D9F0",
"versionEndExcluding": "3.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32091F91-9397-4506-8801-C68B9E8B60F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D81366E4-B0BC-4B93-BC15-4909C6A87F32",
"versionEndExcluding": "3.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A08E506E-E508-43B2-B332-45951F7FC848",
"versionEndExcluding": "3.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9608E7-C9B5-4945-9609-690231DB1B5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "612BA6AF-0738-41BA-B67A-320998CC7DEC",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5DDF76-4C99-4FCE-BDB1-DC5FE70D284D",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9E86F93-D4A5-41A9-9F4E-2A455D457964",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A551102F-6847-41FB-96A3-B7E412CC14A3",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B4F458E-82AB-4AA2-AA98-AF30DA05C094",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24838031-54D3-4B4B-8CCC-D0F3B6B09589",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4094AD89-46E1-426A-8A08-9F56278737DE",
"versionEndExcluding": "4.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F63C5C5-38D7-4FED-81F9-FCF5626A6EBC",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26448C55-91E4-4B50-94DF-B4C874B267AF",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28531D13-A985-49F5-9D6E-1125A764F0EF",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02F14360-9D1F-4EBC-8C87-E0BC1681124D",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8BD25F9-6EDF-4554-AA5E-5CD0C56CFC91",
"versionEndExcluding": "4.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF13A654-6195-45A6-BBAB-551F89B2BB36",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "113A6513-8BA8-46AB-859D-FFC55C3D0623",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7C1A1A-3A6E-4095-AD00-395B5CF59B70",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B81D21C-8B25-4710-84D4-E31A4D60DBEF",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62FEA1D5-8094-4C6F-AE53-A8076D17F833",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81423EAF-9BC2-4254-B7CD-A2E5B93DD7CF",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F411C917-26D8-4A3C-9AF8-998E1DBE9611",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0B94C1-1322-49AD-9C87-278A3C517A9E",
"versionEndExcluding": "4.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BF0234E-17EE-40CE-AEA3-C46C8B73FE9F",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D28B19E1-2017-49E4-BA7F-7175E97CAD7F",
"versionEndExcluding": "4.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D5ACCA5-1AC6-4B41-909B-43B86808D405",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "274EC4AF-32F7-44DB-9141-4E458A25E4E3",
"versionEndExcluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A834E56-260F-4EF3-8325-903E2C7880F5",
"versionEndExcluding": "4.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8020301_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9809A056-81A7-466C-ACB0-2F61308D54C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62B3CEFA-BCF8-4305-B81A-980AA1352515",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8020310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "503BDD25-2072-4A09-A1C2-AFD977F95B54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C1A9EE4-9564-45F6-8CF8-1A820E469B41",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AADC7E9-F019-48FD-8E9F-296C32A10AAD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8030311_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DF7857-E543-46E4-AFC3-585BEA9E5B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_171cbu78090_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFEF1F75-74C7-4AC4-9FDF-0522A1D153A0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B765DF6-1D0A-4191-9AD7-250A7EB691BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_171cbu98090_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D0B0EE-34E9-4D58-B739-4F71FD2E9452",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67152082-E085-4111-98BA-6E9EF14ADB91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_171cbu98091_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0FCEBC-040D-4DB9-AF62-6A736829294F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD68FC34-691B-406E-A59D-2596215AE314",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF68269-FEB0-41F0-9127-965AA4ADCC91",
"versionEndExcluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8022AED-42C4-42F5-A30A-45F157D71CA9",
"versionEndExcluding": "2023",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nCWE-924: Improper Enforcement of Message Integrity During Transmission in a\nCommunication Channel vulnerability exists that could cause a denial of service and loss of\nconfidentiality, integrity of controllers when conducting a Man in the Middle attack.\n\n"
},
{
"lang": "es",
"value": "CWE-924: Existe una vulnerabilidad en la aplicaci\u00f3n inadecuada de la integridad de los mensajes durante la transmisi\u00f3n en un canal de comunicaci\u00f3n que podr\u00eda causar una denegaci\u00f3n de servicio y p\u00e9rdida de confidencialidad e integridad de los controladores al realizar un ataque Man in the Middle."
}
],
"id": "CVE-2023-6408",
"lastModified": "2025-01-23T19:39:42.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T17:15:11.057",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-924"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-13 16:15
Modified
2024-11-21 05:50
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cybersecurity@se.com | https://www.se.com/ww/en/download/document/SEVD-2021-257-01/ | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.se.com/ww/en/download/document/SEVD-2021-257-01/ | Mitigation, Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DCC0C29-32C2-4463-B98F-AB4B56FF5314",
"versionEndExcluding": "15.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB4A9EC-96A2-424D-A858-162E662EBEFB",
"versionEndExcluding": "2021",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:remoteconnect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FFDF36B-30A5-4B35-956C-60DC15CE7EE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:scadapack_470:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F51A7887-4F1A-428C-9E68-260E7262A678",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:scadapack_474:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58BACC54-6609-4DCE-AEEC-A9C2396635A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:scadapack_570:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFDF44F3-2514-4CB0-A1A4-87123225B0F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:scadapack_574:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F5CDC99-C4C8-43FE-8EA7-65C7EDFD9BA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:scadapack_575:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE4172DF-94E3-4AEE-8D6B-9F48DC453B9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)"
},
{
"lang": "es",
"value": "Una CWE-22: Se presenta una vulnerabilidad de Limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\" Salto de Ruta\") que podr\u00eda causar la implementaci\u00f3n de scripts maliciosos en una ubicaci\u00f3n no autorizada y puede resultar en una ejecuci\u00f3n de c\u00f3digo en la estaci\u00f3n de trabajo de ingenier\u00eda cuando es cargado un archivo de proyecto malicioso en el software de ingenier\u00eda. Producto afectado: EcoStruxure Control Expert (versiones V15.0 SP1 y anteriores, incluido el antiguo Unity Pro), EcoStruxure Process Expert (versiones 2020 y anteriores, incluido el antiguo HDCS), SCADAPack RemoteConnect para x70 (Todas las versiones)"
}
],
"id": "CVE-2021-22797",
"lastModified": "2024-11-21T05:50:41.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-13T16:15:09.370",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-01/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "cybersecurity@se.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 17:15
Modified
2024-12-11 19:33
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized
access to a project file protected with application password when opening the file with
EcoStruxure Control Expert.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | ecostruxure_control_expert | * | |
| schneider-electric | ecostruxure_process_expert | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF68269-FEB0-41F0-9127-965AA4ADCC91",
"versionEndExcluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8022AED-42C4-42F5-A30A-45F157D71CA9",
"versionEndExcluding": "2023",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nCWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized\naccess to a project file protected with application password when opening the file with\nEcoStruxure Control Expert.\n\n"
},
{
"lang": "es",
"value": "CWE-798: Existe una vulnerabilidad de uso de credenciales codificadas que podr\u00eda causar acceso no autorizado a un archivo de proyecto protegido con contrase\u00f1a de aplicaci\u00f3n al abrir el archivo con EcoStruxure Control Expert."
}
],
"id": "CVE-2023-6409",
"lastModified": "2024-12-11T19:33:54.427",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2,
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T17:15:11.247",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "cybersecurity@se.com",
"type": "Primary"
}
]
}