CVE-2022-34761 - OpenCVE

A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	X80 Advanced Rtu Module Firmware Opc Ua Module For M580 Firmware X80 Advanced Rtu Module Opc Ua Module For M580

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:opc_ua_module_for_m580_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:opc_ua_module_for_m580:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:x80_advanced_rtu_module_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:x80_advanced_rtu_module:-:*:*:*:*:*:*:*

References

Link	Resource
https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules+_Security_Notification.pdf	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2022-07-12T00:00:00

Updated: 2022-07-13T21:10:52

Reserved: 2022-06-28T00:00:00

Link: CVE-2022-34761

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-07-13T21:15:08.577

Modified: 2022-07-27T23:56:09.790

Link: CVE-2022-34761

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"containers": {"cna": {"affected": [{"product": "OPC UA Modicon Communication Module", "vendor": "Schneider Electric", "versions": [{"lessThan": "V1.10", "status": "affected", "version": "BMENUA0100", "versionType": "custom"}]}, {"product": "X80 advanced RTU Communication Module", "vendor": "Schneider Electric", "versions": [{"lessThan": "BMENOR2200H*", "status": "affected", "version": "V2.01 ", "versionType": "custom"}]}], "datePublic": "2022-07-12T00:00:00", "descriptions": [{"lang": "en", "value": "A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-13T21:10:52", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules+_Security_Notification.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "DATE_PUBLIC": "2022-07-12T11:00:00.000Z", "ID": "CVE-2022-34761", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OPC UA Modicon Communication Module", "version": {"version_data": [{"version_affected": "<", "version_name": "BMENUA0100", "version_value": "V1.10"}]}}, {"product_name": "X80 advanced RTU Communication Module", "version": {"version_data": [{"version_affected": ">", "version_name": "BMENOR2200H", "version_value": "V2.01 "}]}}]}, "vendor_name": "Schneider Electric"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-476 NULL Pointer Dereference"}]}]}, "references": {"reference_data": [{"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules+_Security_Notification.pdf", "refsource": "MISC", "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules+_Security_Notification.pdf"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2022-34761", "datePublished": "2022-07-12T00:00:00", "dateReserved": "2022-06-28T00:00:00", "dateUpdated": "2022-07-13T21:10:52", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:opc_ua_module_for_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C0FE426-148B-4E23-8434-3E9A3F1943D2", "versionEndIncluding": "1.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:opc_ua_module_for_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C43DE37-0241-4A43-B761-0A1F2D2684A3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:x80_advanced_rtu_module_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FA21E71-EF69-48C5-845B-44FA1D65DF20", "versionStartIncluding": "2.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:x80_advanced_rtu_module:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDD764FE-9165-41E9-9328-93A519CFDB99", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)"}, {"lang": "es", "value": "Una CWE-476: Se presenta una vulnerabilidad de Desreferencia de Puntero NULL que podr\u00eda causar una denegaci\u00f3n de servicio del servidor web cuando es analizado el tipo de contenido JSON. Productos afectados: X80 advanced RTU Communication Module (BMENOR2200H) (versiones V2.01 y posteriores), OPC UA Modicon Communication Module (BMENUA0100) (versiones V1.10 y anteriores)"}], "id": "CVE-2022-34761", "lastModified": "2022-07-27T23:56:09.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cybersecurity@se.com", "type": "Secondary"}]}, "published": "2022-07-13T21:15:08.577", "references": [{"source": "cybersecurity@se.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules+_Security_Notification.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "cybersecurity@se.com", "type": "Primary"}]}