Skip to main content

Modicon M340 Bmx P34 2010 Firmware CVE-2022-37301

HIGH
Integer Underflow (CWE-191)
2022-11-22 cybersecurity@se.com
Integer Overflow Denial Of Service Modicon M340 Bmx P34 2010 Firmware Modicon M340 Bmx P34 2030 Firmware Modicon M580 Bmeh582040 Firmware Modicon M580 Bmeh582040C Firmware Modicon M580 Bmeh582040S Firmware Modicon M580 Bmeh584040 Firmware Modicon M580 Bmeh584040C Firmware Modicon M580 Bmeh584040S Firmware Modicon M580 Bmeh586040 Firmware Modicon M580 Bmeh586040C Firmware Modicon M580 Bmeh586040S Firmware Modicon M580 Bmep581020 Firmware Modicon M580 Bmep581020H Firmware Modicon M580 Bmep582020 Firmware Modicon M580 Bmep582020H Firmware Modicon M580 Bmep582040 Firmware Modicon M580 Bmep582040H Firmware Modicon M580 Bmep582040S Firmware Modicon M580 Bmep583020 Firmware Modicon M580 Bmep583040 Firmware Modicon M580 Bmep584020 Firmware Modicon M580 Bmep584040 Firmware Modicon M580 Bmep584040S Firmware Modicon M580 Bmep585040 Firmware Modicon M580 Bmep585040C Firmware Modicon M580 Bmep586040 Firmware Modicon M580 Bmep586040C Firmware Modicon Mc80 Bmkc8020301 Firmware Modicon Mc80 Bmkc8020310 Firmware Modicon Mc80 Bmkc8030311 Firmware Modicon Momentum 171Cbu78090 Firmware Modicon Momentum 171Cbu98090 Firmware Modicon Momentum 171Cbu98091 Firmware Modicon Premium Tsxp57 1634M Firmware Modicon Premium Tsxp57 2634M Firmware Modicon Premium Tsxp57 2834M Firmware Modicon Premium Tsxp57 454M Firmware Modicon Premium Tsxp57 4634M Firmware Modicon Premium Tsxp57 554M Firmware Modicon Premium Tsxp57 5634M Firmware Modicon Premium Tsxp57 6634M Firmware Modicon Quantum 140Cpu65150 Firmware Modicon Quantum 140Cpu65150C Firmware Modicon Quantum 140Cpu65160 Firmware Modicon Quantum 140Cpu65160C Firmware Modicon Quantum 140Noc78100 Firmware Modicon Quantum 140Noe77101 Firmware Modicon Quantum 140Noe77111 Firmware
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 22, 2022 - 12:15 nvd
HIGH 7.5

DescriptionNVD

A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)

AnalysisAI

A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-191. A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior) Affected products include: Schneider-Electric Modicon M340 Bmx P34-2010 Firmware, Schneider-Electric Modicon M340 Bmx P34-2030 Firmware, Schneider-Electric Modicon M580 Bmeh582040 Firmware, Schneider-Electric Modicon M580 Bmeh582040C Firmware, Schneider-Electric Modicon M580 Bmeh582040S Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2022-37301 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy