Improper Input Validation Vulnerability in Modicon M340 and Quantum Products by Schneider Electric
CVE-2021-22787
Key Information:
- Vendor
- Schneider Electric
- Vendor
- CVE Published:
- 11 February 2022
Summary
An improper input validation vulnerability in Schneider Electric's Modicon products could lead to a denial of service. This issue arises when an attacker sends a specially crafted HTTP request to the affected device’s web server, exploiting the lack of proper validation mechanisms. This vulnerability affects various models within the Modicon M340 series, Quantum processors, and other communication modules, impacting their operational stability. Users of these devices are advised to implement appropriate security measures and consider upgrading to secure versions.
Affected Version(s)
Modicon M340 CPUs: BMXP34 ( prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All ), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All ), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All ), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All ), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All ) Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved