7.5

CVE-2021-22786

EPSS 0.18%
Published 01.02.2023 04:15:08
Last modified 21.11.2024 05:50:39
Source cybersecurity@se.com
Teams watchlist Login
Open Login

A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions)

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Modicon M340 Bmxp341000 Firmware Version < 3.40

Schneider-electric ≫ Modicon M340 Bmxp341000 Version-

Schneider-electric ≫ Modicon M340 Bmxp342000 Firmware Version < 3.40

Schneider-electric ≫ Modicon M340 Bmxp342000 Version-

Schneider-electric ≫ Modicon M340 Bmxp342010 Firmware Version < 3.40

Schneider-electric ≫ Modicon M340 Bmxp342010 Version-

Schneider-electric ≫ Modicon M340 Bmxp3420102 Firmware Version < 3.40

Schneider-electric ≫ Modicon M340 Bmxp3420102 Version-

Schneider-electric ≫ Modicon M340 Bmxp342020 Firmware Version < 3.40

Schneider-electric ≫ Modicon M340 Bmxp342020 Version-

Schneider-electric ≫ Modicon M340 Bmxp342020h Firmware Version < 3.40

Schneider-electric ≫ Modicon M340 Bmxp342020h Version-

Schneider-electric ≫ Modicon M340 Bmxp342030 Firmware Version < 3.40

Schneider-electric ≫ Modicon M340 Bmxp342030 Version-

Schneider-electric ≫ Modicon M340 Bmxp3420302 Firmware Version < 3.40

Schneider-electric ≫ Modicon M340 Bmxp3420302 Version-

Schneider-electric ≫ Modicon M340 Bmxp3420302h Firmware Version < 3.40

Schneider-electric ≫ Modicon M340 Bmxp3420302h Version-

Schneider-electric ≫ Modicon M340 Bmxp342030h Firmware Version < 3.40

Schneider-electric ≫ Modicon M340 Bmxp342030h Version-

Schneider-electric ≫ Modicon M580 Bmeh582040 Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmeh582040 Version-

Schneider-electric ≫ Modicon M580 Bmeh582040c Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmeh582040c Version-

Schneider-electric ≫ Modicon M580 Bmeh582040s Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmeh582040s Version-

Schneider-electric ≫ Modicon M580 Bmeh584040 Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmeh584040 Version-

Schneider-electric ≫ Modicon M580 Bmeh584040c Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmeh584040c Version-

Schneider-electric ≫ Modicon M580 Bmeh584040s Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmeh584040s Version-

Schneider-electric ≫ Modicon M580 Bmeh586040 Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmeh586040 Version-

Schneider-electric ≫ Modicon M580 Bmeh586040c Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmeh586040c Version-

Schneider-electric ≫ Modicon M580 Bmeh586040s Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmeh586040s Version-

Schneider-electric ≫ Modicon M580 Bmep581020 Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmep581020 Version-

Schneider-electric ≫ Modicon M580 Bmep581020h Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmep581020h Version-

Schneider-electric ≫ Modicon M580 Bmep582020 Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmep582020 Version-

Schneider-electric ≫ Modicon M580 Bmep582020h Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmep582020h Version-

Schneider-electric ≫ Modicon M580 Bmep582040 Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmep582040 Version-

Schneider-electric ≫ Modicon M580 Bmep582040h Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmep582040h Version-

Schneider-electric ≫ Modicon M580 Bmep582040s Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmep582040s Version-

Schneider-electric ≫ Modicon M580 Bmep583020 Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmep583020 Version-

Schneider-electric ≫ Modicon M580 Bmep583040 Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmep583040 Version-

Schneider-electric ≫ Modicon M580 Bmep584020 Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmep584020 Version-

Schneider-electric ≫ Modicon M580 Bmep584040 Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmep584040 Version-

Schneider-electric ≫ Modicon M580 Bmep584040s Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmep584040s Version-

Schneider-electric ≫ Modicon M580 Bmep585040 Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmep585040 Version-

Schneider-electric ≫ Modicon M580 Bmep585040c Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmep585040c Version-

Schneider-electric ≫ Modicon M580 Bmep586040 Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmep586040 Version-

Schneider-electric ≫ Modicon M580 Bmep586040c Firmware Version <= 3.20

Schneider-electric ≫ Modicon M580 Bmep586040c Version-

Schneider-electric ≫ Modicon Momentum 171cbu78090 Firmware Version < 2.4

Schneider-electric ≫ Modicon Momentum 171cbu78090 Version-

Schneider-electric ≫ Modicon Momentum 171cbu98090 Firmware Version < 2.4

Schneider-electric ≫ Modicon Momentum 171cbu98090 Version-

Schneider-electric ≫ Modicon Momentum 171cbu98091 Firmware Version < 2.4

Schneider-electric ≫ Modicon Momentum 171cbu98091 Version-

Schneider-electric ≫ Modicon Mc80 Bmkc8020301 Firmware Version < 1.70

Schneider-electric ≫ Modicon Mc80 Bmkc8020301 Version-

Schneider-electric ≫ Modicon Mc80 Bmkc8020310 Firmware Version < 1.70

Schneider-electric ≫ Modicon Mc80 Bmkc8020310 Version-

Schneider-electric ≫ Modicon Mc80 Bmkc8030311 Firmware Version < 1.70

Schneider-electric ≫ Modicon Mc80 Bmkc8030311 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.357

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cybersecurity@se.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-22786

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22786

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22786

EUVD