CVE-2022-45788

HIGH

EcoStruxure Control Expert & Modicon Controllers - RCE & DoS via Malicious Project File

Title source: llm
STIX 2.1

Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)

Scores

CVSS v3 7.5
EPSS 0.0116
EPSS Percentile 63.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-754
Status published
Products (50)
Schneider Electric/EcoStruxure Control Expert All Versions
Schneider Electric/EcoStruxure Process Expert All Versions
Schneider Electric/Legacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*) All Versions
Schneider Electric/Modicon M340 CPU (part numbers BMXP34*) All Versions
Schneider Electric/Modicon M580 CPU (part numbers BMEP* and BMEH*) All Versions
Schneider Electric/Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) All Versions
Schneider Electric/Modicon MC80 (BMKC80) All Versions
Schneider Electric/Modicon Momentum Unity M1E Processor (171CBU*) All Versions
schneider-electric/ecostruxure_control_expert
schneider-electric/ecostruxure_process_expert < 2021
... and 40 more
Published Jan 30, 2023
Tracked Since Feb 18, 2026