CVE-2022-37302

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control Expert(V15.1 HF001 and prior).

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.se.com/us/en/download/document/SEVD-2022-221-03/	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:schneider-electric:ecostruxure_control_expert::::::::
	cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.1:-::::::
	cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.1:hf001::::::

History

No history.

Information

Published : 2022-09-13 10:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-37302

Mitre link : CVE-2022-37302

CVE.ORG link : CVE-2022-37302

JSON object : View

Products Affected

schneider-electric

ecostruxure_control_expert

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2022-37302", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-09-13T10:15:10.847", "references": [{"url": "https://www.se.com/us/en/download/document/SEVD-2022-221-03/", "tags": ["Patch", "Vendor Advisory"], "source": "cybersecurity@se.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control Expert(V15.1 HF001 and prior)."}, {"lang": "es", "value": "Una CWE-119: Se presenta una vulnerabilidad de Restricci\u00f3n Inapropiada de Operaciones dentro de los L\u00edmites de un B\u00fafer de Memoria que podr\u00eda causar un bloqueo del software Control Expert cuando es abierto un archivo de proyecto incorrecto. Productos afectados: EcoStruxure Control Expert (versiones V15.1 HF001 y anteriores)"}], "lastModified": "2022-09-15T19:50:19.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DCC0C29-32C2-4463-B98F-AB4B56FF5314", "versionEndExcluding": "15.1"}, {"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78F6B1CC-488B-48E8-B96B-77A1894E9E92"}, {"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.1:hf001:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "957D54EF-4337-4DA6-AAA7-FE1905153A75"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@se.com"}