Information Exposure Vulnerability in Modicon Controllers by Schneider Electric
CVE-2021-22786

7.5HIGH

Key Information:

Vendor

Schneider Electric
Status
Modicon M340 Cpu (part Numbers Bmxp34*)
Modicon M580 Cpu (part Numbers Bmep* And Bmeh*)
Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s)
Modicon Mc80 (bmkc80)
Vendor
CVE Published:
1 February 2023

What is CVE-2021-22786?

A vulnerability exists in Schneider Electric's Modicon controllers that allows for sensitive information stored in memory to be accessed during communication via the Modbus TCP protocol. This information exposure could potentially compromise confidential data, making it imperative for users to ensure their systems are updated to mitigate such risks. Preventative measures should be taken to secure network communications and maintain confidentiality of data processed by these controllers.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Legacy Modicon Quantum All Versions

Modicon M340 CPU (part numbers BMXP34*) All

Modicon M580 CPU (part numbers BMEP* and BMEH*) All

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.