PT-2022-4154 · Schneider Electric · Ecostruxure Control Expert
Published
2022-08-09
·
Updated
2022-09-15
·
CVE-2022-37302
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
EcoStruxure Control Expert versions V15.1 HF001 and prior
Description
A memory buffer issue exists that could cause a crash of the Control Expert software when an incorrect project file is opened. The issue is related to improper restriction of operations within the bounds of a memory buffer. Exploitation of this issue may allow a remote attacker to cause a denial of service.
Recommendations
For EcoStruxure Control Expert versions V15.1 HF001 and prior, update to a version later than V15.1 HF001 to resolve the issue.
At the moment, there is no information about other mitigation measures for this issue.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ecostruxure Control Expert