A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions)
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric | Modicon M340 CPU (part numbers BMXP34*) | affected |
|
||||||
| Schneider Electric | Modicon M580 CPU (part numbers BMEP* and BMEH*) | affected |
|
||||||
| Schneider Electric | Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) | affected |
|
||||||
| Schneider Electric | Modicon MC80 (BMKC80) | affected |
|
||||||
| Schneider Electric | Modicon Momentum CPU (171CBU*) | affected |
|
||||||
| Schneider Electric | Legacy Modicon Quantum | affected |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
| AND |
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
Configuration 6 [-]
| AND |
|
Configuration 7 [-]
| AND |
|
Configuration 8 [-]
| AND |
|
Configuration 9 [-]
| AND |
|
Configuration 10 [-]
| AND |
|
Configuration 11 [-]
| AND |
|
Configuration 12 [-]
| AND |
|
Configuration 13 [-]
| AND |
|
Configuration 14 [-]
| AND |
|
Configuration 15 [-]
| AND |
|
Configuration 16 [-]
| AND |
|
Configuration 17 [-]
| AND |
|
Configuration 18 [-]
| AND |
|
Configuration 19 [-]
| AND |
|
Configuration 20 [-]
| AND |
|
Configuration 21 [-]
| AND |
|
Configuration 22 [-]
| AND |
|
Configuration 23 [-]
| AND |
|
Configuration 24 [-]
| AND |
|
Configuration 25 [-]
| AND |
|
Configuration 26 [-]
| AND |
|
Configuration 27 [-]
| AND |
|
Configuration 28 [-]
| AND |
|
Configuration 29 [-]
| AND |
|
Configuration 30 [-]
| AND |
|
Configuration 31 [-]
| AND |
|
Configuration 32 [-]
| AND |
|
Configuration 33 [-]
| AND |
|
Configuration 34 [-]
| AND |
|
Configuration 35 [-]
| AND |
|
Configuration 36 [-]
| AND |
|
Configuration 37 [-]
| AND |
|
Configuration 38 [-]
| AND |
|
Configuration 39 [-]
| AND |
|
Configuration 40 [-]
| AND |
|
Configuration 41 [-]
| AND |
|
No data.
No data.
Project Subscriptions
| Vendors | Products |
|---|---|
|
Schneider-electric
Subscribe
|
Modicon M340 Bmxp341000
Subscribe
Modicon M340 Bmxp341000 Firmware
Subscribe
Modicon M340 Bmxp342000
Subscribe
Modicon M340 Bmxp342000 Firmware
Subscribe
Modicon M340 Bmxp342010
Subscribe
Modicon M340 Bmxp3420102
Subscribe
Modicon M340 Bmxp3420102 Firmware
Subscribe
Modicon M340 Bmxp342010 Firmware
Subscribe
Modicon M340 Bmxp342020
Subscribe
Modicon M340 Bmxp342020 Firmware
Subscribe
Modicon M340 Bmxp342020h
Subscribe
Modicon M340 Bmxp342020h Firmware
Subscribe
Modicon M340 Bmxp342030
Subscribe
Modicon M340 Bmxp3420302
Subscribe
Modicon M340 Bmxp3420302 Firmware
Subscribe
Modicon M340 Bmxp3420302h
Subscribe
Modicon M340 Bmxp3420302h Firmware
Subscribe
Modicon M340 Bmxp342030 Firmware
Subscribe
Modicon M340 Bmxp342030h
Subscribe
Modicon M340 Bmxp342030h Firmware
Subscribe
Modicon M580 Bmeh582040
Subscribe
Modicon M580 Bmeh582040 Firmware
Subscribe
Modicon M580 Bmeh582040c
Subscribe
Modicon M580 Bmeh582040c Firmware
Subscribe
Modicon M580 Bmeh582040s
Subscribe
Modicon M580 Bmeh582040s Firmware
Subscribe
Modicon M580 Bmeh584040
Subscribe
Modicon M580 Bmeh584040 Firmware
Subscribe
Modicon M580 Bmeh584040c
Subscribe
Modicon M580 Bmeh584040c Firmware
Subscribe
Modicon M580 Bmeh584040s
Subscribe
Modicon M580 Bmeh584040s Firmware
Subscribe
Modicon M580 Bmeh586040
Subscribe
Modicon M580 Bmeh586040 Firmware
Subscribe
Modicon M580 Bmeh586040c
Subscribe
Modicon M580 Bmeh586040c Firmware
Subscribe
Modicon M580 Bmeh586040s
Subscribe
Modicon M580 Bmeh586040s Firmware
Subscribe
Modicon M580 Bmep581020
Subscribe
Modicon M580 Bmep581020 Firmware
Subscribe
Modicon M580 Bmep581020h
Subscribe
Modicon M580 Bmep581020h Firmware
Subscribe
Modicon M580 Bmep582020
Subscribe
Modicon M580 Bmep582020 Firmware
Subscribe
Modicon M580 Bmep582020h
Subscribe
Modicon M580 Bmep582020h Firmware
Subscribe
Modicon M580 Bmep582040
Subscribe
Modicon M580 Bmep582040 Firmware
Subscribe
Modicon M580 Bmep582040h
Subscribe
Modicon M580 Bmep582040h Firmware
Subscribe
Modicon M580 Bmep582040s
Subscribe
Modicon M580 Bmep582040s Firmware
Subscribe
Modicon M580 Bmep583020
Subscribe
Modicon M580 Bmep583020 Firmware
Subscribe
Modicon M580 Bmep583040
Subscribe
Modicon M580 Bmep583040 Firmware
Subscribe
Modicon M580 Bmep584020
Subscribe
Modicon M580 Bmep584020 Firmware
Subscribe
Modicon M580 Bmep584040
Subscribe
Modicon M580 Bmep584040 Firmware
Subscribe
Modicon M580 Bmep584040s
Subscribe
Modicon M580 Bmep584040s Firmware
Subscribe
Modicon M580 Bmep585040
Subscribe
Modicon M580 Bmep585040 Firmware
Subscribe
Modicon M580 Bmep585040c
Subscribe
Modicon M580 Bmep585040c Firmware
Subscribe
Modicon M580 Bmep586040
Subscribe
Modicon M580 Bmep586040 Firmware
Subscribe
Modicon M580 Bmep586040c
Subscribe
Modicon M580 Bmep586040c Firmware
Subscribe
Modicon Mc80 Bmkc8020301
Subscribe
Modicon Mc80 Bmkc8020301 Firmware
Subscribe
Modicon Mc80 Bmkc8020310
Subscribe
Modicon Mc80 Bmkc8020310 Firmware
Subscribe
Modicon Mc80 Bmkc8030311
Subscribe
Modicon Mc80 Bmkc8030311 Firmware
Subscribe
Modicon Momentum 171cbu78090
Subscribe
Modicon Momentum 171cbu78090 Firmware
Subscribe
Modicon Momentum 171cbu98090
Subscribe
Modicon Momentum 171cbu98090 Firmware
Subscribe
Modicon Momentum 171cbu98091
Subscribe
Modicon Momentum 171cbu98091 Firmware
Subscribe
|
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2021-9921 | A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions) |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 05 Feb 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: schneider
Published:
Updated: 2025-02-05T20:06:44.280Z
Reserved: 2021-01-06T00:00:00.000Z
Link: CVE-2021-22786
Vulnrichment
Updated: 2024-08-03T18:51:07.574Z
NVD
Status : Modified
Published: 2023-02-01T04:15:08.603
Modified: 2024-11-21T05:50:39.900
Link: CVE-2021-22786
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses