CVE-2022-24323

Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior)

Related CPE's

aschneider-electricecostruxure_control_expert********

aschneider-electricecostruxure_control_expert15.0-******

aschneider-electricecostruxure_control_expert15.0sp1******

aschneider-electricecostruxure_process_expert********

References

N/A

Vendor Advisory

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

NONE

AttackComplexity

HIGH

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

NONE

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

5.9

VectorString

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

MEDIUM

ConfidentialityImpact

NONE

AvailabilityImpact

NONE

IntegrityImpact

PARTIAL

BaseScore

4.3

VectorString

AV:N/AC:M/Au:N/C:N/I:P/A:N

Version

2.0

AccessVector

NETWORK

Authentication

NONE

Created by Yello
About Severity.io