PT-2022-16608 · Schneider Electric · Ecostruxure Control Expert+2

Published

2022-03-09

Updated

2022-03-12

CVE-2022-24323

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions EcoStruxure Process Expert versions V2021 and prior EcoStruxure Control Expert versions V15.0 SP1 and prior

Description A vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data.

Recommendations For EcoStruxure Process Expert versions V2021 and prior, update to a version later than V2021 to resolve the issue. For EcoStruxure Control Expert versions V15.0 SP1 and prior, update to a version later than V15.0 SP1 to resolve the issue.

Fix

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754

Related Identifiers

CVE-2022-24323

Affected Products

Ecostruxure Control Expert

Ecostruxure Process Expert

Modicon

PT-2022-16608 · Schneider Electric · Ecostruxure Control Expert+2

CVE-2022-24323

Weakness Enumeration

Related Identifiers

Affected Products

References · 4