CVE-2022-22724
First published: Fri Feb 04 2022(Updated: )
A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending a large number of TCP RST or FIN packets to any open TCP port of the PLC. Affected Product: Modicon M340 CPUs: BMXP34 (All Versions)
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Modicon M340 Bmxp341000 Firmware | ||
| Schneider-electric Modicon M340 Bmxp341000 | ||
| Schneider-electric Modicon M340 Bmxp342000 Firmware | ||
| Schneider-electric Modicon M340 Bmxp342000 | ||
| Schneider-electric Modicon M340 Bmxp342010 Firmware | ||
| Schneider-electric Modicon M340 Bmxp342010 | ||
| Schneider-electric Modicon M340 Bmxp3420102 Firmware | ||
| Schneider-electric Modicon M340 Bmxp3420102 | ||
| Schneider-electric Modicon M340 Bmxp342030 Firmware | ||
| Schneider-electric Modicon M340 Bmxp342030 | ||
| Schneider-electric Modicon M340 Bmxp3420302 Firmware | ||
| Schneider-electric Modicon M340 Bmxp3420302 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-22724.
What is the severity of CVE-2022-22724?
The severity of CVE-2022-22724 is high (7.5).
What does CVE-2022-22724 involve?
CVE-2022-22724 involves an Uncontrolled Resource Consumption vulnerability that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus) when sending a large number of TCP RST or FIN packets to any open TCP port of the PLC.
Which products are affected by CVE-2022-22724?
The Modicon M340 CPUs with the following firmware versions are affected: BMXP341000, BMXP342000, BMXP342010, BMXP3420102, BMXP342030, BMXP3420302.
How can I fix CVE-2022-22724?
To fix CVE-2022-22724, it is recommended to apply the latest firmware updates provided by Schneider-electric Modicon M340.
- collector/nvd-index
- agent/severity
- agent/references
- agent/type
- agent/event
- agent/weakness
- agent/author
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/schneider-electric
- canonical/schneider-electric modicon m340 bmxp341000 firmware
- canonical/schneider-electric modicon m340 bmxp341000
- canonical/schneider-electric modicon m340 bmxp342000 firmware
- canonical/schneider-electric modicon m340 bmxp342000
- canonical/schneider-electric modicon m340 bmxp342010 firmware
- canonical/schneider-electric modicon m340 bmxp342010
- canonical/schneider-electric modicon m340 bmxp3420102 firmware
- canonical/schneider-electric modicon m340 bmxp3420102
- canonical/schneider-electric modicon m340 bmxp342030 firmware
- canonical/schneider-electric modicon m340 bmxp342030
- canonical/schneider-electric modicon m340 bmxp3420302 firmware
- canonical/schneider-electric modicon m340 bmxp3420302