Out-of-bounds Write Vulnerability in Schneider Electric Modicon Products
CVE-2021-22788
Key Information:
- Vendor
- Schneider Electric
- Vendor
- CVE Published:
- 11 February 2022
Summary
An out-of-bounds write vulnerability exists in Schneider Electric's Modicon products, which can be exploited by attackers to cause denial of service. By sending specially crafted HTTP requests to the affected devices, attackers may disrupt the normal operation of the web server, potentially leading to significant service downtime. This vulnerability affects various Modicon processors and communication modules, necessitating immediate attention from users to implement corrective measures.
Affected Version(s)
Modicon M340 CPUs: BMXP34 ( prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All ), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All ), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All ), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All ), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All ) Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved