PT-2022-16607 · Schneider Electric · Ecostruxure Control Expert

Published

2022-03-09

Updated

2022-03-12

CVE-2022-24322

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions EcoStruxure Control Expert versions V15.0 SP1 and prior

Description A memory buffer issue exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data.

Recommendations For EcoStruxure Control Expert versions V15.0 SP1 and prior, update to a version later than V15.0 SP1 to resolve the issue. At the moment, there is no information about other mitigation measures for this specific vulnerability.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2022-24322

Affected Products

Ecostruxure Control Expert

PT-2022-16607 · Schneider Electric · Ecostruxure Control Expert

CVE-2022-24322

Weakness Enumeration

Related Identifiers

Affected Products

References · 4