Unknown
CVE-2022-45789
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2022-45789
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU – part numbers BMXP34* (All Versions), Modicon M580 CPU – part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety – part numbers BMEP58*S and BMEH58*S (All Versions)
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- ecostruxure control expert
- ecostruxure process expert
- modicon m340 bmxp341000 firmware
- modicon m340 bmxp342000 firmware
- modicon m340 bmxp342010 firmware
- modicon m340 bmxp3420102 firmware
- modicon m340 bmxp342020 firmware
- modicon m340 bmxp342020h firmware
- modicon m340 bmxp342030 firmware
- modicon m340 bmxp3420302 firmware
- modicon m340 bmxp3420302h firmware
- modicon m340 bmxp342030h firmware
- modicon m580 bmeh582040 firmware
- modicon m580 bmeh582040c firmware
- modicon m580 bmeh582040s firmware
- modicon m580 bmeh584040 firmware
- modicon m580 bmeh584040c firmware
- modicon m580 bmeh584040s firmware
- modicon m580 bmeh586040 firmware
- modicon m580 bmeh586040c firmware
- modicon m580 bmeh586040s firmware
- modicon m580 bmep581020 firmware
- modicon m580 bmep581020h firmware
- modicon m580 bmep582020 firmware
- modicon m580 bmep582020h firmware
- modicon m580 bmep582040 firmware
- modicon m580 bmep582040h firmware
- modicon m580 bmep582040s firmware
- modicon m580 bmep583020 firmware
- modicon m580 bmep583040 firmware
- modicon m580 bmep584020 firmware
- modicon m580 bmep584040 firmware
- modicon m580 bmep584040s firmware
- modicon m580 bmep585040 firmware
- modicon m580 bmep585040c firmware
- modicon m580 bmep586040 firmware
- modicon m580 bmep586040c firmware
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
