Description
A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs (BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU (BMXNOE* all versions) (BMXNOR* versions prior to v1.7 IR24)
References (1)
Core References
Vendor Advisory
https://www.se.com/us/en/download/document/SEVD-2022-102-02/
Scores
CVSS v3: 7.5
EPSS: 0.0033
EPSS Percentile: 56.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-269
Status: published
Products (14)
schneider-electric/modicon_m340_bmxnoe0100_firmware
schneider-electric/modicon_m340_bmxnoe0110_firmware
schneider-electric/modicon_m340_bmxnoe0110h_firmware
schneider-electric/modicon_m340_bmxnor0200h_firmware
schneider-electric/modicon_m340_bmxp341000_firmware < 3.50
schneider-electric/modicon_m340_bmxp342000_firmware < 3.50
schneider-electric/modicon_m340_bmxp3420102_firmware < 3.50
schneider-electric/modicon_m340_bmxp342010_firmware < 3.50
schneider-electric/modicon_m340_bmxp342020_firmware < 3.50
schneider-electric/modicon_m340_bmxp342020h_firmware < 3.50
... and 4 more
Published: Nov 22, 2022
Tracked Since: Feb 18, 2026