CVE-2022-37301

CVSS 7.5 · High EPSS 0.54% · P68 Updated Apr 29, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-37301

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

整数下溢(超界折返)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Schneider Electric Modicon M340 数字错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Schneider Electric Modicon M340是法国施耐德电气（Schneider Electric）公司的一款用于工业过程和基础设施的中程PLC（可编程逻辑控制器）。 Schneider Electric Modicon M340 存在数字错误漏洞，该漏洞源于内存访问违规。以下产品及版本受到影响：Modicon M340 CPU (BMXP34* V3.40版本及之前版本)、Modicon M580 CPU (BMEP* 和 BMEH* V3.22版本及之前版本)、Legacy Modi

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Schneider Electric	Modicon M340 CPU (part numbers BMXP34*)	V ~ 3.40	-
Schneider Electric	Modicon M580 CPU (part numbers BMEP* and BMEH*)	V ~ 3.22	-
Schneider Electric	Legacy Modicon Quantum/Premium	All Versions	-
Schneider Electric	Modicon Momentum MDI (171CBU*)	All Versions	-
Schneider Electric	Modicon MC80 (BMKC80)	V ~ 1.7	-

II. Public POCs for CVE-2022-37301

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-37301

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: Modicon M340 CPU (part numbers BMXP34*)

Same vendor: Schneider Electric

Same weakness: CWE-191

V. Comments for CVE-2022-37301

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-37301

I. Basic Information for CVE-2022-37301

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-37301

III. Intelligence Information for CVE-2022-37301

IV. Related Vulnerabilities

V. Comments for CVE-2022-37301

Leave a comment