Unrated severityNVD Advisory· Published Jan 30, 2023· Updated Feb 5, 2025

CVE-2022-45788

Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)

Affected products

Schneider Electric/Modicon M340 CPUsllm-fuzzy
Schneider Electric/EcoStruxure Control Expertllm-fuzzy2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: All Versions
Schneider Electric/EcoStruxure Process Expertllm-fuzzy2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: All Versions
Schneider Electric/Legacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*)v5
Range: All Versions
Schneider Electric/Modicon M340 CPU (part numbers BMXP34*)v5
Range: All Versions
Schneider Electric/Modicon M580 CPU (part numbers BMEP* and BMEH*)v5
Range: All Versions
Schneider Electric/Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)v5
Range: All Versions
Schneider Electric/Modicon MC80cpe-rescue
Range: All Versions
Schneider Electric/Modicon Momentum Unity M1E Processor (171CBU*)v5
Range: All Versions

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

download.schneider-electric.com/filesmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000