{"containers": {"cna": {"affected": [{"product": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)"}]}], "descriptions": [{"lang": "en", "value": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-02T16:52:25.000Z", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2021-22789", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)", "version": {"version_data": [{"version_value": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}]}, "references": {"reference_data": [{"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04", "refsource": "MISC", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:51:07.526Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04"}]}]}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2021-22789", "datePublished": "2021-09-02T16:52:25.000Z", "dateReserved": "2021-01-06T00:00:00.000Z", "dateUpdated": "2024-08-03T18:51:07.526Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*", "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*", "matchCriteriaId": "833B2455-5D39-4457-9D6F-0CD738A2EB02", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*", "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*", "matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*", "matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*", "matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*", "matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*", "matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*", "matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*", "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*", "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*", "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*", "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*", "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*", "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*", "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*", "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*", "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:*:*:*:*:*:*:*", "matchCriteriaId": "62B3CEFA-BCF8-4305-B81A-980AA1352515", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C1A9EE4-9564-45F6-8CF8-1A820E469B41", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:-:*:*:*:*:*:*:*", "matchCriteriaId": "026D5E27-E50D-4614-A3EB-C54150C85572", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B765DF6-1D0A-4191-9AD7-250A7EB691BF", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:*:*:*:*:*:*:*", "matchCriteriaId": "67152082-E085-4111-98BA-6E9EF14ADB91", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD68FC34-691B-406E-A59D-2596215AE314", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_1634m:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB98E7F1-DD61-47F5-A6BB-18D75FDFAB70", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2634m:-:*:*:*:*:*:*:*", "matchCriteriaId": "39E46898-7206-45C1-9A93-729B5905EF38", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2834m:-:*:*:*:*:*:*:*", "matchCriteriaId": "C97A89AF-103A-4D2A-9EAF-42CEC88A2BCA", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_454m:-:*:*:*:*:*:*:*", "matchCriteriaId": "32B611B6-1138-40DF-848A-A4A10E1DB0F2", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_4634m:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF901CCB-1BC4-4EDA-A3D7-ED7523128EAA", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_554m:-:*:*:*:*:*:*:*", "matchCriteriaId": "4479C318-EE74-4338-B172-EC13D4D62246", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_5634m:-:*:*:*:*:*:*:*", "matchCriteriaId": "98A25B72-B3A9-4717-8AA9-B164226DF9D9", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_6634m:-:*:*:*:*:*:*:*", "matchCriteriaId": "889E9E8B-688E-420E-9A99-AB64BA7ABCDC", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E3446A5-69F7-4270-93E2-CD5614970698", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:*:*:*:*:*:*:*", "matchCriteriaId": "08FE0C5D-3132-48AD-92EB-B7C4277C1FAA", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD3F1B7C-7972-463E-930E-F359A402DAF5", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC9D2D4D-558B-424E-AB04-429C83F06DB7", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_control_expert:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A63ECFF-261A-4C39-964E-CBC4B97147DC", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_process_expert:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B722F22-2CEB-426B-9615-DD3B73A671F4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."}, {"lang": "es", "value": "Una CWE-119: Una vulnerabilidad de Restricci\u00f3n Inapropiada de Operaciones dentro de los L\u00edmites de un B\u00fafer de Memoria que podr\u00eda causar una Denegaci\u00f3n de Servicio en el controlador/simulador del PLC Modicon cuando se actualiza la aplicaci\u00f3n del controlador con un archivo de proyecto especialmente dise\u00f1ado se presenta en Modicon M580 CPU (n\u00fameros de pieza BMEP* and BMEH*, todas las versiones), Modicon M340 CPU (n\u00fameros de pieza BMXP34*, todas las versiones), Modicon MC80 (n\u00fameros de pieza BMKC80*, todas las versiones), Modicon Momentum Ethernet CPU (n\u00fameros de pieza 171CBU*, todas las versiones), PLC Simulator for EcoStruxure\u00aa Control Expert, incluyendo todas las versiones Unity Pro (antiguo nombre de EcoStruxure\u00aa Control Expert, todas las versiones), PLC Simulator for EcoStruxure\u00aa Process Expert incluyendo todas las versiones HDCS (antiguo nombre de EcoStruxure\u00aa Process Expert, todas las versiones), Modicon Quantum CPU (n\u00fameros de pieza 140CPU*, todas las versiones), Modicon Premium CPU (n\u00fameros de pieza TSXP5*, todas las versiones)"}], "id": "CVE-2021-22789", "lastModified": "2024-11-21T05:50:40.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-02T17:15:08.180", "references": [{"source": "cybersecurity@se.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "cybersecurity@se.com", "type": "Secondary"}]}

{}

{}