Unrated severityNVD Advisory· Published Sep 12, 2022· Updated Aug 3, 2024

CVE-2022-37300

Description

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).

Affected products

Schneider Electric/EcoStruxure Control Expertcpe-rescue
Range: SP1
Schneider Electric/EcoStruxure Process Expertcpe-rescue
Range: V
Schneider Electric/Modicon M340cpe-rescue
Range: BMXP34
Schneider Electric/Modicon M580 CPUcpe-rescue
Range: BMEP

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.se.com/us/en/download/document/SEVD-2022-221-01/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000