PT-2022-3629 · Schneider Electric · Opc Ua Modicon Communication Module+1

Published: 2022-07-12 · Updated: 2022-07-28 · CVE-2022-34762

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

X80 advanced RTU Communication Module (BMENOR2200H) versions V2.01 and later
OPC UA Modicon Communication Module (BMENUA0100) versions V1.10 and prior

Description

A path traversal vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. This issue is related to improper limitation of a pathname to a restricted directory, which may allow a remote attacker to load malicious software images.

Recommendations

For X80 advanced RTU Communication Module (BMENOR2200H) versions V2.01 and later, consider restricting access to the firmware image path to prevent unauthorized image loading until a patch is available.

For OPC UA Modicon Communication Module (BMENUA0100) versions V1.10 and prior, consider disabling the ability to add unsigned images to the firmware image path as a temporary workaround until a fix is provided.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal


Weakness Enumeration

Related Identifiers

BDU:2022-04414
CVE-2022-34762

Affected Products

Opc Ua Modicon Communication Module
X80 Advanced Rtu Communication Module