#VU78552 Improper Check for Unusual or Exceptional Conditions in Schneider Electric products - CVE-2022-45788
Published: July 24, 2023
Vulnerability identifier: #VU78552
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-45788
CWE-ID: CWE-754
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
EcoStruxure Process Expert
EcoStruxure Control Expert
Modicon M580 CPU Safety
Legacy Modicon Quantum and Premium CPUs
Modicon M340
Modicon M580
Modicon Momentum Unity M1E Processor
Modicon MC80
EcoStruxure Process Expert
EcoStruxure Control Expert
Modicon M580 CPU Safety
Legacy Modicon Quantum and Premium CPUs
Modicon M340
Modicon M580
Modicon Momentum Unity M1E Processor
Modicon MC80
Software vendor:
Schneider Electric
Schneider Electric
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to improper error handling. A remote attacker can use a specially crafted project file and execute arbitrary code on the target system.
Remediation
Install updates from vendor's website.