{"id": "CVE-2022-0222", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-11-22T13:15:10.113", "references": [{"url": "https://www.se.com/us/en/download/document/SEVD-2022-102-02/", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Secondary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24)"}, {"lang": "es", "value": "Existe una vulnerabilidad CWE-269: Gesti\u00f3n de privilegios inadecuada que podr\u00eda provocar una Denegaci\u00f3n de Servicio (DoS) de la comunicaci\u00f3n Ethernet del controlador al enviar una solicitud espec\u00edfica a trav\u00e9s de SNMP. Productos afectados: CPU Modicon M340 (versiones BMXP34* anteriores a V3.40), m\u00f3dulos de comunicaci\u00f3n Ethernet Modicon M340 X80: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU (BMXNOE* todas las versiones) (versiones BMXNOR* anteriores a v1. 7IR24)"}], "lastModified": "2022-11-30T20:38:37.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB94CE0B-D2AE-4AD5-9BB3-FF73F3F081F0", "versionEndExcluding": "3.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8E4C660-7603-47D4-A0E4-D8755B1C84CC", "versionEndExcluding": "3.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0594267D-0107-4E43-A783-7C557779E944", "versionEndExcluding": "3.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "833B2455-5D39-4457-9D6F-0CD738A2EB02"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4C75AF4-DB31-491B-8635-E7E0E3614476", "versionEndExcluding": "3.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6360DC2-1801-412F-867A-D8C62BC0E2A4", "versionEndExcluding": "3.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C34A2C5B-731C-4809-9FE8-3D897AD9A3F8", "versionEndExcluding": "3.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "708E8DA4-1D49-4B68-A626-8E936C054B33", "versionEndExcluding": "3.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "769B8B46-3965-43C0-8049-A6D786E82FAB", "versionEndExcluding": "3.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEB5579A-5AB3-40CD-9C22-96207696BB32", "versionEndExcluding": "3.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFFEE13B-685A-4590-839D-A32A98D4C012", "versionEndExcluding": "3.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EF9608E7-C9B5-4945-9609-690231DB1B5A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxnoe0100_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF09AE3B-C3D4-4519-9F79-0516C738EDB2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxnoe0100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2E7CAD05-06C7-4B77-9466-1581ACAD4416"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxnoe0110_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CCF6254-7166-430C-B969-96EB54C81330"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxnoe0110:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE2953A1-873B-4784-8353-6CD92FD2A558"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxnoe0110h_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DF9AB98-F2A7-4A74-9850-9B2C6F8CD17D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxnoe0110h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9F2DDD4B-074E-4D36-8813-9B982D5C08BD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxnor0200h_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2D556F4-B7B8-4F75-973A-3192F880DA09"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxnor0200h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C597244C-325F-4F6F-84B4-193CD299B3EF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@se.com"}