Privilege escalation in Schneider Electric Modicon M340 CPUs
CVE-2022-0222
A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs (BMXP34* vers…
Vulnerability class: Privilege Escalation
EPSS: 0.006 (42.9th percentile)
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Schneider Electric Modicon M340 CPUs — versions BMXP34*
- Schneider Electric Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110, BMXNOR0200H RTU — versions BMXNOE* All Versions, BMXNOR*
- Schneider-electric Modicon_m340_bmxnoe0100
- Schneider-electric Modicon_m340_bmxnoe0100_firmware
- Schneider-electric Modicon_m340_bmxnoe0110
- Schneider-electric Modicon_m340_bmxnoe0110_firmware
- Schneider-electric Modicon_m340_bmxnoe0110h
- Schneider-electric Modicon_m340_bmxnoe0110h_firmware
- Schneider-electric Modicon_m340_bmxnor0200h
- Schneider-electric Modicon_m340_bmxnor0200h_firmware
Weakness classification (CWE)
References
- cybersecurity@se.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2022-0222?
- CVE-2022-0222 is a high-severity vulnerability in Schneider Electric Modicon M340 CPUs, classified under Improper Privilege Management. CVSS score: 7.5/10. Published 2022-11-22.
- How severe is CVE-2022-0222?
- High severity. CVSS v3 base score is 7.5 out of 10.