CVE-2021-22787

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 11-02-2022 07:15

Last modified: - 23-02-2022 05:55

Total changes: - 3

Description

A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

AND

vendor=schneider-electric AND product=bmxp342020_firmware AND versionEndExcluding=3.40

vendor=schneider-electric AND product=bmxp342020 AND version=-

AND

vendor=schneider-electric AND product=bmxnoe0100_firmware

vendor=schneider-electric AND product=bmxnoe0100 AND version=-

AND

vendor=schneider-electric AND product=bmxnoe0110_firmware

vendor=schneider-electric AND product=bmxnoe0110 AND version=-

AND

vendor=schneider-electric AND product=bmxnoc0401_firmware

vendor=schneider-electric AND product=bmxnoc0401 AND version=-

AND

vendor=schneider-electric AND product=bmxnor0200h_rtu_firmware

vendor=schneider-electric AND product=bmxnor0200h_rtu AND version=-

AND

vendor=schneider-electric AND product=tsxp574634_firmware

vendor=schneider-electric AND product=tsxp574634 AND version=-

AND

vendor=schneider-electric AND product=tsxp575634_firmware

vendor=schneider-electric AND product=tsxp575634 AND version=-

AND

vendor=schneider-electric AND product=tsxp576634_firmware

vendor=schneider-electric AND product=tsxp576634 AND version=-

AND

vendor=schneider-electric AND product=140cpu65150_firmware

vendor=schneider-electric AND product=140cpu65150 AND version=-

AND

vendor=schneider-electric AND product=140noe771x1_firmware

vendor=schneider-electric AND product=140noe771x1 AND version=-

AND

vendor=schneider-electric AND product=140noc78x00_firmware

vendor=schneider-electric AND product=140noc78x00 AND version=-

AND

vendor=schneider-electric AND product=140noc77101_firmware

vendor=schneider-electric AND product=140noc77101 AND version=-

AND

vendor=schneider-electric AND product=tsxety4103_firmware

vendor=schneider-electric AND product=tsxety4103 AND version=-

AND

vendor=schneider-electric AND product=tsxety5103_firmware

vendor=schneider-electric AND product=tsxety5103 AND version=-

Reference

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02

Keywords

CVE-2021-22787

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-22787

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures