CVE-2022-37300
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).
Una CWE-640: Se presenta una vulnerabilidad de Mecanismo de Recuperación de Contraseñas Débiles para Contraseñas Olvidadas que podría causar un acceso no autorizado en modo de lectura y escritura al controlador cuando es comunicado a través de Modbus. Productos afectados: EcoStruxure Control Expert, incluidas todas las versiones de Unity Pro (antiguo nombre de EcoStruxure Control Expert) (V15.0 SP1 y anteriores), EcoStruxure Process Expert, incluidas todas las versiones de EcoStruxure Hybrid DCS (antiguo nombre de EcoStruxure Process Expert) (V2021 y anteriores), Modicon M340 CPU (números de pieza BMXP34*) (V3.40 y anteriores), Modicon M580 CPU (números de pieza BMEP* y BMEH*) (V3.20 y anteriores)
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-08-01 CVE Reserved
- 2022-09-12 CVE Published
- 2024-04-04 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-640: Weak Password Recovery Mechanism for Forgotten Password
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.se.com/us/en/download/document/SEVD-2022-221-01 | 2022-09-15 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp341000 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp341000 Firmware" | < 3.50 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp341000 Firmware" and version " < 3.50" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp341000 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp341000" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342000 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342000 Firmware" | < 3.50 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342000 Firmware" and version " < 3.50" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342000 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342000" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342010 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342010 Firmware" | < 3.50 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342010 Firmware" and version " < 3.50" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342010 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342010" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420102 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102 Firmware" | < 3.50 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102 Firmware" and version " < 3.50" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420102 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342020 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020 Firmware" | < 3.50 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020 Firmware" and version " < 3.50" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342020 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342020h Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020h Firmware" | < 3.50 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020h Firmware" and version " < 3.50" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342020h Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020h" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342030 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342030 Firmware" | < 3.50 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342030 Firmware" and version " < 3.50" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342030 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342030" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420302 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302 Firmware" | < 3.50 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302 Firmware" and version " < 3.50" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420302 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420302h Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302h Firmware" | < 3.50 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302h Firmware" and version " < 3.50" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420302h Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302h" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342030h Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342030h Firmware" | < 3.50 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342030h Firmware" and version " < 3.50" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342030h Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342030h" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh582040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmeh582040 Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmeh582040 Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh582040 Search vendor "Schneider-electric" for product "Modicon M580 Bmeh582040" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh582040c Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmeh582040c Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmeh582040c Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh582040c Search vendor "Schneider-electric" for product "Modicon M580 Bmeh582040c" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh582040s Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmeh582040s Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmeh582040s Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh582040s Search vendor "Schneider-electric" for product "Modicon M580 Bmeh582040s" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh584040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmeh584040 Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmeh584040 Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh584040 Search vendor "Schneider-electric" for product "Modicon M580 Bmeh584040" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh584040c Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmeh584040c Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmeh584040c Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh584040c Search vendor "Schneider-electric" for product "Modicon M580 Bmeh584040c" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh584040s Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmeh584040s Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmeh584040s Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh584040s Search vendor "Schneider-electric" for product "Modicon M580 Bmeh584040s" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh586040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmeh586040 Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmeh586040 Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh586040 Search vendor "Schneider-electric" for product "Modicon M580 Bmeh586040" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh586040c Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmeh586040c Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmeh586040c Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh586040c Search vendor "Schneider-electric" for product "Modicon M580 Bmeh586040c" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh586040s Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmeh586040s Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmeh586040s Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh586040s Search vendor "Schneider-electric" for product "Modicon M580 Bmeh586040s" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep581020 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep581020 Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmep581020 Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep581020 Search vendor "Schneider-electric" for product "Modicon M580 Bmep581020" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep581020h Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep581020h Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmep581020h Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep581020h Search vendor "Schneider-electric" for product "Modicon M580 Bmep581020h" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep582020 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep582020 Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmep582020 Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep582020 Search vendor "Schneider-electric" for product "Modicon M580 Bmep582020" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep582020h Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep582020h Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmep582020h Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep582020h Search vendor "Schneider-electric" for product "Modicon M580 Bmep582020h" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep582040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040 Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040 Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep582040 Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep582040h Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040h Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040h Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep582040h Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040h" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep583020 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep583020 Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmep583020 Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep583020 Search vendor "Schneider-electric" for product "Modicon M580 Bmep583020" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep583040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep583040 Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmep583040 Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep583040 Search vendor "Schneider-electric" for product "Modicon M580 Bmep583040" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep584020 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep584020 Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmep584020 Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep584020 Search vendor "Schneider-electric" for product "Modicon M580 Bmep584020" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep584040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040 Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040 Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep584040 Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep584040s Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040s Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040s Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep584040s Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040s" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep585040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep585040 Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmep585040 Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep585040 Search vendor "Schneider-electric" for product "Modicon M580 Bmep585040" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep585040c Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep585040c Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmep585040c Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep585040c Search vendor "Schneider-electric" for product "Modicon M580 Bmep585040c" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep586040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep586040 Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmep586040 Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep586040 Search vendor "Schneider-electric" for product "Modicon M580 Bmep586040" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep586040c Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep586040c Firmware" | < 4.02 Search vendor "Schneider-electric" for product "Modicon M580 Bmep586040c Firmware" and version " < 4.02" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep586040c Search vendor "Schneider-electric" for product "Modicon M580 Bmep586040c" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Ecostruxure Control Expert Search vendor "Schneider-electric" for product "Ecostruxure Control Expert" | < 15.1 Search vendor "Schneider-electric" for product "Ecostruxure Control Expert" and version " < 15.1" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Ecostruxure Process Expert Search vendor "Schneider-electric" for product "Ecostruxure Process Expert" | <= 2021 Search vendor "Schneider-electric" for product "Ecostruxure Process Expert" and version " <= 2021" | - |
Affected
| ||||||