CVE-2021-22791 - OpenCVE

A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Modicon M340 Bmxp341000 Modicon M340 Bmxp342010 Modicon M340 Bmxp342020 Modicon M340 Bmxp342030 Modicon M580 Bmeh582040 Modicon M580 Bmeh582040c Modicon M580 Bmeh582040s Modicon M580 Bmeh584040 Modicon M580 Bmeh584040c Modicon M580 Bmeh584040s Modicon M580 Bmeh586040 Modicon M580 Bmeh586040c Modicon M580 Bmeh586040s Modicon M580 Bmep581020 Modicon M580 Bmep581020h Modicon M580 Bmep582020 Modicon M580 Bmep582020h Modicon M580 Bmep582040 Modicon M580 Bmep582040h Modicon M580 Bmep582040s Modicon M580 Bmep583020 Modicon M580 Bmep583040 Modicon M580 Bmep584020 Modicon M580 Bmep584040 Modicon M580 Bmep584040s Modicon M580 Bmep585040 Modicon M580 Bmep585040c Modicon M580 Bmep586040 Modicon M580 Bmep586040c Modicon Mc80 Bmkc8020301 Modicon Mc80 Bmkc8020310 Modicon Mc80 Bmkc8030311 Modicon Momentum 171cbu78090 Modicon Momentum 171cbu98090 Modicon Momentum 171cbu98091 Modicon Premium Tsxp57 1634m Modicon Premium Tsxp57 2634m Modicon Premium Tsxp57 2834m Modicon Premium Tsxp57 454m Modicon Premium Tsxp57 4634m Modicon Premium Tsxp57 554m Modicon Premium Tsxp57 5634m Modicon Premium Tsxp57 6634m Modicon Quantum 140cpu65150 Modicon Quantum 140cpu65150c Modicon Quantum 140cpu65160 Modicon Quantum 140cpu65160c Plc Simulator For Ecostruxure Control Expert Plc Simulator For Ecostruxure Process Expert

Configuration 1 [-]

OR	cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_1634m:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2634m:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2834m:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_454m:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_4634m:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_554m:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_5634m:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_6634m:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:::::::*
	cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_control_expert:-:::::::*
	cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_process_expert:-:::::::*

No data.

References

Link	Providers
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-06

History

No history.

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2021-09-02T16:52:51

Updated: 2024-08-03T18:51:07.453Z

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-22791

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-09-02T17:15:08.290

Modified: 2021-09-13T19:28:42.877

Link: CVE-2021-22791

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object