CVE-2022-45788
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-45788
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对因果或异常条件的不恰当检查
Source: NVD (National Vulnerability Database)
Vulnerability Title
Schneider Electric EcoStruxure Control Expert 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Schneider Electric EcoStruxure Control Expert(前称Unity Pro)是法国施耐德电气(Schneider Electric)公司的一套用于Schneider Electric逻辑控制器产品的编程软件。 Schneider Electric EcoStruxure Control Expert 存在代码问题漏洞,该漏洞源于对异常或异常情况检查不当,当恶意项目文件加载到控制器时,可能会导致任意代码执行、拒绝服务以及机密性和完整性丢失。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Schneider Electric | EcoStruxure Control Expert | All Versions | - | |
| Schneider Electric | EcoStruxure Process Expert | All Versions | - | |
| Schneider Electric | Modicon M340 CPU (part numbers BMXP34*) | All Versions | - | |
| Schneider Electric | Modicon M580 CPU (part numbers BMEP* and BMEH*) | All Versions | - | |
| Schneider Electric | Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) | All Versions | - | |
| Schneider Electric | Modicon Momentum Unity M1E Processor (171CBU*) | All Versions | - | |
| Schneider Electric | Modicon MC80 (BMKC80) | All Versions | - | |
| Schneider Electric | Legacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*) | All Versions | - |
II. Public POCs for CVE-2022-45788
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-45788
请登录查看更多情报信息。
Same Patch Batch · Schneider Electric · 2023-01-30 · 25 CVEs total
| CVE-2022-32529 | 9.8 CRITICAL | Schneider Electric IGSS Data Server 缓冲区错误漏洞 |
| CVE-2022-32527 | 9.8 CRITICAL | Schneider Electric IGSS Data Server 缓冲区错误漏洞 |
| CVE-2022-32513 | 9.8 CRITICAL | Schneider Electric C-Bus Home Automation 安全漏洞 |
| CVE-2022-32514 | 9.8 CRITICAL | Schneider Electric C-Bus多款产品 授权问题漏洞 |
| CVE-2022-32526 | 9.8 CRITICAL | Schneider Electric IGSS Data Server 缓冲区错误漏洞 |
| CVE-2022-32525 | 9.8 CRITICAL | Schneider Electric IGSS Data Server 缓冲区错误漏洞 |
| CVE-2022-32524 | 9.8 CRITICAL | Schneider Electric IGSS Data Server 缓冲区错误漏洞 |
| CVE-2022-32522 | 9.8 CRITICAL | Schneider Electric IGSS Data Server 缓冲区错误漏洞 |
| CVE-2022-32523 | 9.8 CRITICAL | Schneider Electric IGSS Data Server 缓冲区错误漏洞 |
| CVE-2022-32528 | 8.6 HIGH | Schneider Electric IGSS Data Server 访问控制错误漏洞 |
| CVE-2022-32515 | 8.6 HIGH | Schneider Electric Conext ComBox 安全漏洞 |
| CVE-2022-32747 | 8.0 HIGH | Schneider Electric EcoStruxure Cybersecurity Admin Expert 安全漏洞 |
| CVE-2022-32518 | 8.0 HIGH | Schneider Electric StruxureWare Data Center Expert 安全漏洞 |
| CVE-2022-32519 | 8.0 HIGH | Schneider Electric StruxureWare Data Center Expert 安全漏洞 |
| CVE-2022-32520 | 8.0 HIGH | Schneider Electric StruxureWare Data Center Expert 安全漏洞 |
| CVE-2022-32748 | 7.9 HIGH | Schneider Electric EcoStruxure Cybersecurity Admin Expert 信任管理问题漏洞 |
| CVE-2022-32516 | 7.5 HIGH | Schneider Electric Conext ComBox 跨站请求伪造漏洞 |
| CVE-2022-32521 | 7.1 HIGH | Schneider Electric StruxureWare Data Center Expert 代码问题漏洞 |
| CVE-2022-32517 | 6.5 MEDIUM | Schneider Electric Conext ComBox 安全漏洞 |
| CVE-2022-22731 | 6.5 MEDIUM | Schneider Electric EcoStruxure Power Commission 路径遍历漏洞 |
Showing top 20 of 25 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: Schneider Electric
- CVE-2026-2401
Schneider Electric PowerChute Serial Shutdown 日志信息泄露漏洞 - CVE-2026-2400
Schneider Electric PowerChute Serial Shutdown 注入漏洞 - CVE-2026-2403
Schneider Electric PowerChute Serial Shutdown 安全漏洞 - CVE-2026-2405
Schneider Electric PowerChute Serial Shutdown 资源管理错误漏洞 - CVE-2026-2402
Schneider Electric PowerChute Serial Shutdown 安全漏洞
Same weakness: CWE-754
- CVE-2026-41662
Admidio: Missing Minimum Administrator Check in Role Members - CVE-2026-35225
Improper timeout handling in CODESYS EtherNetIP - CVE-2026-35366
uutils coreutils printenv Security Inspection Bypass via UTF - CVE-2026-40343
free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPos - CVE-2026-40249
free5gc UDR fail-open request handling in PolicyDataSubsToNo
V. Comments for CVE-2022-45788
No comments yet