CVE-2022-45789

31.01.2023, 06:15

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
schneider	CNA	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 20%

Vendor	Product	Version
schneider-electric	ecostruxure_control_expert	*
schneider-electric	ecostruxure_process_expert	𝑥 ≤ 2020
schneider-electric	modicon_m340_bmxp341000_firmware	*
schneider-electric	modicon_m340_bmxp342000_firmware	*
schneider-electric	modicon_m340_bmxp342010_firmware	-
schneider-electric	modicon_m340_bmxp3420102_firmware	*
schneider-electric	modicon_m340_bmxp342020_firmware	*
schneider-electric	modicon_m340_bmxp342020h_firmware	*
schneider-electric	modicon_m340_bmxp342030_firmware	*
schneider-electric	modicon_m340_bmxp3420302_firmware	*
schneider-electric	modicon_m340_bmxp3420302h_firmware	*
schneider-electric	modicon_m340_bmxp342030h_firmware	*
schneider-electric	modicon_m580_bmep581020_firmware	*
schneider-electric	modicon_m580_bmep581020h_firmware	*
schneider-electric	modicon_m580_bmep582020_firmware	*
schneider-electric	modicon_m580_bmep582020h_firmware	*
schneider-electric	modicon_m580_bmep582040_firmware	*
schneider-electric	modicon_m580_bmep582040h_firmware	*
schneider-electric	modicon_m580_bmep582040s_firmware	*
schneider-electric	modicon_m580_bmep583020_firmware	*
schneider-electric	modicon_m580_bmep583040_firmware	*
schneider-electric	modicon_m580_bmep584020_firmware	*
schneider-electric	modicon_m580_bmep584040_firmware	*
schneider-electric	modicon_m580_bmep584040s_firmware	*
schneider-electric	modicon_m580_bmep585040_firmware	*
schneider-electric	modicon_m580_bmep585040c_firmware	*
schneider-electric	modicon_m580_bmep586040_firmware	*
schneider-electric	modicon_m580_bmep586040c_firmware	*
schneider-electric	modicon_m580_bmeh582040_firmware	*
schneider-electric	modicon_m580_bmeh582040c_firmware	*
schneider-electric	modicon_m580_bmeh582040s_firmware	*
schneider-electric	modicon_m580_bmeh584040_firmware	*
schneider-electric	modicon_m580_bmeh584040c_firmware	*
schneider-electric	modicon_m580_bmeh584040s_firmware	*
schneider-electric	modicon_m580_bmeh586040_firmware	*
schneider-electric	modicon_m580_bmeh586040c_firmware	*
schneider-electric	modicon_m580_bmeh586040s_firmware	*

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-294 - Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf