CVE-2022-34762 MEDIUM

CVE-2022-34762

Vendor Schneider Electric
Product OPC UA Modicon Communication Module
Weakness CWE-22 · Path traversal
Published July 13, 2022
Last update September 16, 2024

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

Key dates

02Disclosure timeline

July 13, 2022 CVE published
September 16, 2024 Record updated