Information Exposure Vulnerability in Modicon M340 and Premium Processors by Schneider Electric
CVE-2021-22785
Key Information:
- Vendor
- Schneider Electric
- Vendor
- CVE Published:
- 11 February 2022
Summary
An information exposure vulnerability has been identified in Schneider Electric’s Modicon CPUs, which allows an unauthorized attacker to access sensitive data residing in the web root directory. This exposure can occur when a malicious actor sends a specially crafted HTTP request to the device's web server, enabling them to leak confidential information. Affected devices include various models of Modicon M340, Premium, and Quantum processors, highlighting the significance of timely updates and securing network environments against potential exploits.
Affected Version(s)
Modicon M340 CPUs: BMXP34 ( prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All ), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All ), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All ), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All ), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All ) Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved