Information Exposure Vulnerability in Modicon Controllers by Schneider Electric
CVE-2021-22786

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon M340 Cpu (part Numbers Bmxp34*); Modicon M580 Cpu (part Numbers Bmep* And Bmeh*); Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s); Modicon Mc80 (bmkc80)
Vendor: CVE Published:; 1 February 2023

Summary

A vulnerability exists in Schneider Electric's Modicon controllers that allows for sensitive information stored in memory to be accessed during communication via the Modbus TCP protocol. This information exposure could potentially compromise confidential data, making it imperative for users to ensure their systems are updated to mitigate such risks. Preventative measures should be taken to secure network communications and maintain confidentiality of data processed by these controllers.

Affected Version(s)

Legacy Modicon Quantum All Versions

Modicon M340 CPU (part numbers BMXP34*) All

Modicon M580 CPU (part numbers BMEP* and BMEH*) All

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 1, 2023
Vulnerability Reserved
Jan 6, 2021