CVE-2022-45788
Published: Jan 30, 2023
Modified: May 29, 2026
CVSS v3.1
7.5
Description
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)
| Vendor | Product | Versions |
|---|---|---|
Schneider Electric | EcoStruxure Control Expert | affected All Versions |
Schneider Electric | EcoStruxure Process Expert | affected All Versions |
Schneider Electric | Modicon M340 CPU (part numbers BMXP34*) | affected All Versions |
Schneider Electric | Modicon M580 CPU (part numbers BMEP* and BMEH*) | affected All Versions |
Schneider Electric | Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) | affected All Versions |
Schneider Electric | Modicon Momentum Unity M1E Processor (171CBU*) | affected All Versions |
Schneider Electric | Modicon MC80 (BMKC80) | affected All Versions |
Schneider Electric | Legacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*) | affected All Versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now