PT-2022-4129 · Schneider Electric · EcoStruxure Control Expert and 3 other products

Published: 2022-08-09 · Updated: 2022-09-15 · CVE-2022-37300

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
- EcoStruxure Control Expert versions V15.0 SP1 and prior
- EcoStruxure Process Expert versions V2021 and prior
- Modicon M340 CPU versions V3.40 and prior
- Modicon M580 CPU versions V3.20 and prior

Description: A Weak Password Recovery Mechanism for Forgotten Password issue exists, potentially allowing unauthorized access in read and write mode to the controller when communicating over Modbus. This could enable a remote attacker to gain access.

Recommendations:
- For EcoStruxure Control Expert versions V15.0 SP1 and prior, consider disabling the password recovery mechanism until a patch is available.
- For EcoStruxure Process Expert versions V2021 and prior, restrict access to the Modbus protocol to minimize the risk of exploitation.
- For Modicon M340 CPU versions V3.40 and prior, avoid using the default password and consider changing it to a stronger one.
- For Modicon M580 CPU versions V3.20 and prior, limit remote access to the controller until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2022-04969
CVE-2022-37300

Affected Products

EcoStruxure Control Expert
EcoStruxure Process Expert
Modicon M340 CPU
Modicon M580 CPU