// For flags

CVE-2022-24323

 

Severity Score

5.9
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior)

Una CWE-754: Se presenta una vulnerabilidad de Comprobación Inapropiada de Condiciones no Usuales o Excepcionales que podría causar una interrupción de la comunicación entre el controlador Modicon y el software de ingeniería, cuando un atacante es capaz de interceptar y manipular datos de respuesta Modbus específicos. Producto afectado: EcoStruxure Process Expert (versiones V2021 y anteriores), EcoStruxure Control Expert (versiones V15.0 SP1 y anteriores)

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-02-02 CVE Reserved
  • 2022-03-09 CVE Published
  • 2023-09-30 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-754: Improper Check for Unusual or Exceptional Conditions
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Schneider-electric
Search vendor "Schneider-electric"
 Ecostruxure Control Expert
Search vendor "Schneider-electric" for product "Ecostruxure Control Expert"
 < 15.0
Search vendor "Schneider-electric" for product "Ecostruxure Control Expert" and version " < 15.0"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
 Ecostruxure Control Expert
Search vendor "Schneider-electric" for product "Ecostruxure Control Expert"
 15.0
Search vendor "Schneider-electric" for product "Ecostruxure Control Expert" and version "15.0"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
 Ecostruxure Control Expert
Search vendor "Schneider-electric" for product "Ecostruxure Control Expert"
 15.0
Search vendor "Schneider-electric" for product "Ecostruxure Control Expert" and version "15.0"
sp1
Affected
Schneider-electric
Search vendor "Schneider-electric"
 Ecostruxure Process Expert
Search vendor "Schneider-electric" for product "Ecostruxure Process Expert"
 <= 2021
Search vendor "Schneider-electric" for product "Ecostruxure Process Expert" and version " <= 2021"
-
Affected