Vulnerabilities > CVE-2022-24323 - Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

high complexity

schneider-electric

CWE-754

NVD

Published: 2022-03-09

Updated: 2022-03-12

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior)

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Ecostruxure Control Expert 15.0 Schneider Electric Ecostruxure Control Expert - Schneider Electric Ecostruxure Control Expert 14.0 Schneider Electric Ecostruxure Control Expert 14.1 Schneider Electric Ecostruxure Process Expert -	6

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01