Improper Privilege Management in Modicon M340 Ethernet Communication Modules by Schneider Electric
CVE-2022-0222

7.5HIGH

Key Information:

Vendor
Schneider Electric
Status
Modicon M340 CPUs
Modicon M340 X80 Ethernet Communication modules: BMXNOE0100 (H) BMXNOE0110 (H) BMXNOR0200H RTU
Vendor
CVE Published:
22 November 2022

Summary

An improper privilege management vulnerability has been identified in Schneider Electric's Modicon M340 series, which may lead to a denial of service for Ethernet communication. The flaw allows unauthorized users to manipulate SNMP requests, disrupting the communication of the affected controller models. This vulnerability specifically impacts Modicon M340 CPUs and corresponding Ethernet communication modules, making it critical for users to review and patch affected versions.

Affected Version(s)

Modicon M340 CPUs BMXP34*

Modicon M340 X80 Ethernet Communication modules: BMXNOE0100 (H) BMXNOE0110 (H) BMXNOR0200H RTU BMXNOE* All Versions

Modicon M340 X80 Ethernet Communication modules: BMXNOE0100 (H) BMXNOE0110 (H) BMXNOR0200H RTU BMXNOR*

References

https://www.se.com/us/en/download/document/SEVD-2022-102-02/

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.