CVE-2022-22724

Name of the Vulnerable Software and Affected Versions Modicon M340 CPUs: BMXP34 (All Versions)

Description A denial of service issue exists due to uncontrolled resource consumption. This could be triggered by sending a large number of TCP RST or FIN packets to any open TCP port of the PLC, affecting ports 80 (HTTP) and 502 (Modbus). The issue may allow a remote attacker to cause a denial of service.

Recommendations For Modicon M340 CPUs: BMXP34 (All Versions), consider implementing network traffic filtering to limit the number of TCP RST or FIN packets that can be sent to the device, as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.