CVE-2022-0222

HIGH Year: 2022
CVSS v3 Score
7.5
High
Weakness Type
CWE-269
View all →

Vulnerability Description

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24)

Related Vulnerabilities

CVE-2012-5663

HIGH
CVSS:7.5(High)

The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).

CWE-2692012

CVE-2015-8467

HIGH
CVSS:7.5(High)

The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative ...

CWE-2692015

CVE-2017-16520

HIGH
CVSS:7.5(High)

Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.

CWE-2692017

CVE-2017-5722

HIGH
CVSS:7.5(High)

Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enfor...

CWE-2692017

CVE-2017-7803

HIGH
CVSS:7.5(High)

When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbir...

CWE-2692017