var-202211-1389
Vulnerability from variot
A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34 versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE all versions)(BMXNOR* versions prior to v1.7 IR24). Schneider Electric Modicon M340 is a medium-range PLC (programmable logic controller) for industrial processes and infrastructures from Schneider Electric, France.
Schneider Electric products have an authorization problem vulnerability. This vulnerability stems from improper authority management
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202211-1389",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m340 bmxp3420302",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.50"
},
{
"model": "modicon m340 bmxp342030h",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.50"
},
{
"model": "modicon m340 bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.50"
},
{
"model": "modicon m340 bmxp342020",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.50"
},
{
"model": "modicon m340 bmxp342020h",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.50"
},
{
"model": "modicon m340 bmxnoe0110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342010",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.50"
},
{
"model": "modicon m340 bmxp3420302h",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.50"
},
{
"model": "modicon m340 bmxp341000",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.50"
},
{
"model": "modicon m340 bmxp342030",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.50"
},
{
"model": "modicon m340 bmxp342000",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.50"
},
{
"model": "modicon m340 bmxnoe0110h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340 cpus \u003cbmxp34*",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "v3.40"
},
{
"model": "electric modicon m340 ethernet communication modules bmxnoe0100",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": "electric modicon m340 ethernet communication modules bmxnoe0110",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": "electric modicon m340 ethernet communication modules bmxnor0200h rtu",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": "electric modicon m340 ethernet communication modules bmxnoe*",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": "electric modicon m340 ethernet communication modules \u003cbmxnor* v1.7ir24",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86329"
},
{
"db": "NVD",
"id": "CVE-2022-0222"
}
]
},
"cve": "CVE-2022-0222",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-86329",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-0222",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0222",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@se.com",
"id": "CVE-2022-0222",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-86329",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202211-3299",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86329"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3299"
},
{
"db": "NVD",
"id": "CVE-2022-0222"
},
{
"db": "NVD",
"id": "CVE-2022-0222"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24). Schneider Electric Modicon M340 is a medium-range PLC (programmable logic controller) for industrial processes and infrastructures from Schneider Electric, France. \n\r\n\r\nSchneider Electric products have an authorization problem vulnerability. This vulnerability stems from improper authority management",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0222"
},
{
"db": "CNVD",
"id": "CNVD-2022-86329"
},
{
"db": "VULMON",
"id": "CVE-2022-0222"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SCHNEIDER",
"id": "SEVD-2022-102-02",
"trust": 2.3
},
{
"db": "NVD",
"id": "CVE-2022-0222",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2022-86329",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3299",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-0222",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86329"
},
{
"db": "VULMON",
"id": "CVE-2022-0222"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3299"
},
{
"db": "NVD",
"id": "CVE-2022-0222"
}
]
},
"id": "VAR-202211-1389",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86329"
}
],
"trust": 1.59891775
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86329"
}
]
},
"last_update_date": "2024-08-14T14:17:34.334000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric Product Authorization Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/364611"
},
{
"title": "Schneider Electric Modicon M340 Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=215779"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86329"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3299"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0222"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.se.com/us/en/download/document/sevd-2022-102-02/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-0222/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86329"
},
{
"db": "VULMON",
"id": "CVE-2022-0222"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3299"
},
{
"db": "NVD",
"id": "CVE-2022-0222"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-86329"
},
{
"db": "VULMON",
"id": "CVE-2022-0222"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3299"
},
{
"db": "NVD",
"id": "CVE-2022-0222"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-86329"
},
{
"date": "2022-11-22T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0222"
},
{
"date": "2022-11-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3299"
},
{
"date": "2022-11-22T13:15:10.113000",
"db": "NVD",
"id": "CVE-2022-0222"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-86329"
},
{
"date": "2022-11-22T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0222"
},
{
"date": "2022-12-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3299"
},
{
"date": "2022-11-30T20:38:37.057000",
"db": "NVD",
"id": "CVE-2022-0222"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3299"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Product Authorization Issue Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86329"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3299"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.