PT-2022-3762 · Schneider Electric · Modicon M340 Cpu+4

Published: 2022-04-12 · Updated: 2022-11-30 · CVE-2022-0222

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Modicon M340 CPUs versions prior to V3.40
Modicon M340 X80 Ethernet Communication modules: BMXNOE0100 (H), BMXNOE0110 (H)
BMXNOE* all versions
BMXNOR* versions prior to v1.7 IR24

Description

A vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. This issue is related to improper privilege management. Exploitation of the vulnerability may allow a remote attacker to cause a denial of service by sending specially crafted requests.

Recommendations

For Modicon M340 CPUs versions prior to V3.40, update to version V3.40 or later to resolve the issue. For BMXNOE* all versions, consider disabling SNMP access until a patch is available. For BMXNOR* versions prior to v1.7 IR24, update to version v1.7 IR24 or later to resolve the issue. As a temporary workaround, consider restricting access to the SNMP service to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Privilege Management

Related Identifiers

BDU:2022-04552
CVE-2022-0222

Affected Products

Bmxnoe
Bmxnoe0100
Bmxnoe0110
Bmxnor
Modicon M340 Cpu