CVE-2022-45789 · CVEKit

cve.orgen

500 chars

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)

NVDen

500 chars

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)

NVDes

574 chars

Existe una vulnerabilidad CWE-294: Omisión de autenticación mediante captura-reproducción que podría provocar la ejecución de funciones Modbus no autorizadas en el controlador al secuestrar una sesión Modbus autenticada. Productos afectados: EcoStruxure Control Expert (todas las versiones), EcoStruxure Process Expert (todas las versiones), CPU Modicon M340 - números de pieza BMXP34* (todas las versiones), CPU Modicon M580 - números de pieza BMEP* y BMEH* (todas las versiones), Modicon M580 Seguridad de la CPU: números de pieza BMEP58*S y BMEH58*S (todas las versiones)

CVSS metrics across sources

3

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.1	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H