CVE-2022-34760 - OpenCVE

A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	X80 Advanced Rtu Module Firmware Opc Ua Module For M580 Firmware X80 Advanced Rtu Module Opc Ua Module For M580

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:opc_ua_module_for_m580_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:opc_ua_module_for_m580:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:x80_advanced_rtu_module_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:x80_advanced_rtu_module:-:*:*:*:*:*:*:*

References

Link	Resource
https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules+_Security_Notification.pdf	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2022-07-12T00:00:00

Updated: 2022-07-13T21:10:49

Reserved: 2022-06-28T00:00:00

Link: CVE-2022-34760

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-07-13T21:15:08.523

Modified: 2022-07-27T23:54:35.777

Link: CVE-2022-34760

JSON object: View

Redhat Information

No data.

CWE

CWE-835

{"containers": {"cna": {"affected": [{"product": "OPC UA Modicon Communication Module", "vendor": "Schneider Electric", "versions": [{"lessThan": "V1.10", "status": "affected", "version": "BMENUA0100", "versionType": "custom"}]}, {"product": "X80 advanced RTU Communication Module", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "BMENOR2200H V1.0 "}]}], "datePublic": "2022-07-12T00:00:00", "descriptions": [{"lang": "en", "value": "A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-835", "description": " CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-13T21:10:49", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules+_Security_Notification.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "DATE_PUBLIC": "2022-07-12T11:00:00.000Z", "ID": "CVE-2022-34760", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OPC UA Modicon Communication Module", "version": {"version_data": [{"version_affected": "<", "version_name": "BMENUA0100", "version_value": "V1.10"}]}}, {"product_name": "X80 advanced RTU Communication Module", "version": {"version_data": [{"version_affected": "=", "version_name": "BMENOR2200H", "version_value": "V1.0 "}]}}]}, "vendor_name": "Schneider Electric"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": " CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')"}]}]}, "references": {"reference_data": [{"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules+_Security_Notification.pdf", "refsource": "MISC", "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules+_Security_Notification.pdf"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2022-34760", "datePublished": "2022-07-12T00:00:00", "dateReserved": "2022-06-28T00:00:00", "dateUpdated": "2022-07-13T21:10:49", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:opc_ua_module_for_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C0FE426-148B-4E23-8434-3E9A3F1943D2", "versionEndIncluding": "1.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:opc_ua_module_for_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C43DE37-0241-4A43-B761-0A1F2D2684A3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:x80_advanced_rtu_module_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4722F6C1-0F6A-4007-A25F-37C68CBEA403", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:x80_advanced_rtu_module:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDD764FE-9165-41E9-9328-93A519CFDB99", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)"}, {"lang": "es", "value": "Una CWE-835: Se presenta una vulnerabilidad de Bucle con Condici\u00f3n de Salida no Alcanzable (\"Bucle infinito\") que podr\u00eda causar una denegaci\u00f3n de servicio del servidor web debido a un manejo inapropiado de las cookies. Productos afectados: X80 advanced RTU Communication Module (BMENOR2200H) (versi\u00f3n V1.0), OPC UA Modicon Communication Module (BMENUA0100) (versiones V1.10 y anteriores)"}], "id": "CVE-2022-34760", "lastModified": "2022-07-27T23:54:35.777", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cybersecurity@se.com", "type": "Secondary"}]}, "published": "2022-07-13T21:15:08.523", "references": [{"source": "cybersecurity@se.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules+_Security_Notification.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "cybersecurity@se.com", "type": "Primary"}]}