PT-2022-4155 · Schneider Electric · Modicon M580 Cpu+4

Published: 2022-08-09 · Updated: 2022-11-30 · CVE-2022-37301

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Modicon M340 CPU versions V3.40 and prior
Modicon M580 CPU versions V3.22 and prior
Legacy Modicon Quantum/Premium (All Versions)
Modicon Momentum MDI (171CBU*) (All Versions)
Modicon MC80 (BMKC80) versions V1.7 and prior

Description

A CWE-191: Integer Underflow (Wrap or Wraparound) issue exists, potentially causing a denial of service due to memory access violations when using the Modbus TCP protocol. This could allow a remote attacker to cause a denial of service.

Recommendations

For Modicon M340 CPU versions V3.40 and prior, update to a version later than V3.40 to resolve the issue.
For Modicon M580 CPU versions V3.22 and prior, update to a version later than V3.22 to resolve the issue.
For Legacy Modicon Quantum/Premium, since all versions are affected and no specific fix is mentioned, consider restricting access to the Modbus TCP protocol until a patch is available.
For Modicon Momentum MDI (171CBU*), since all versions are affected and no specific fix is mentioned, consider restricting access to the Modbus TCP protocol until a patch is available.
For Modicon MC80 (BMKC80) versions V1.7 and prior, update to a version later than V1.7 to resolve the issue.

Fix

Integer Underflow

Weakness Enumeration

Related Identifiers

BDU:2022-04998
CVE-2022-37301

Affected Products

Modicon M340 Cpu
Modicon M580 Cpu
Modicon Mc80
Modicon Momentum Mdi
Modicon Quantum/Premium