Security researchers have uncovered two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers (PLCs) that could allow authentication bypass and remote code execution.
The flaws are listed as CVE-2022-45788 (CVSS score: 7.5) and CVE-2022-45789 (CVSS score: 8.1). Successful exploitation of the bugs could allow a hacker to execute unauthorized code, cause a denial of service, or expose sensitive information.
Details of updates:
• ClearSCADA – all versions
• EcoStruxure Geo SCADA Expert 2019, 2020 and 2021 – versions prior to October 2022
• Merten KNX Devices – multiple versions and platforms
• StruxureWare Data Center Expert – versions 7.9.2 and prior
https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp