CVE-2022-45788
moderate-risk
Published 2023-01-30
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)
Do I need to act?
0.37% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 · High
Attack vector: NETWORK / HIGH complexity
Affected Products (20)
Ecostruxure Process Expert
Modicon M340 Bmxp342010 Firmware
Modicon M340 Bmxp342020H Firmware
Modicon M340 Bmxp342030 Firmware
Modicon M340 Bmxp3420302H Firmware
Modicon M340 Bmxp342030H Firmware
Modicon M580 Bmeh582040 Firmware
Modicon M580 Bmeh582040C Firmware
Modicon M580 Bmeh582040S Firmware
Modicon M580 Bmeh584040 Firmware
Modicon M580 Bmeh584040C Firmware
Modicon M580 Bmeh584040S Firmware
Modicon M580 Bmeh586040 Firmware
Modicon M580 Bmeh586040C Firmware
Affected Vendors
49 / 100
moderate-risk
Severity
22/34 · High
Exploitability
1/34 · Minimal
Exposure
26/34 · High