7.5

CVE-2021-22792

EPSS 0.46%
Veröffentlicht 02.09.2021 17:15:08
Zuletzt bearbeitet 21.11.2024 05:50:40
Quelle cybersecurity@se.com
Teams Watchlist Login
Unerledigt Login

A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Schneider-electric ≫ Modicon M340 Bmxp341000 Version-

Schneider-electric ≫ Modicon M340 Bmxp342010 Version-

Schneider-electric ≫ Modicon M340 Bmxp342020 Version-

Schneider-electric ≫ Modicon M340 Bmxp342030 Version-

Schneider-electric ≫ Modicon M580 Bmeh582040 Version-

Schneider-electric ≫ Modicon M580 Bmeh582040c Version-

Schneider-electric ≫ Modicon M580 Bmeh582040s Version-

Schneider-electric ≫ Modicon M580 Bmeh584040 Version-

Schneider-electric ≫ Modicon M580 Bmeh584040c Version-

Schneider-electric ≫ Modicon M580 Bmeh584040s Version-

Schneider-electric ≫ Modicon M580 Bmeh586040 Version-

Schneider-electric ≫ Modicon M580 Bmeh586040c Version-

Schneider-electric ≫ Modicon M580 Bmeh586040s Version-

Schneider-electric ≫ Modicon M580 Bmep581020 Version-

Schneider-electric ≫ Modicon M580 Bmep581020h Version-

Schneider-electric ≫ Modicon M580 Bmep582020 Version-

Schneider-electric ≫ Modicon M580 Bmep582020h Version-

Schneider-electric ≫ Modicon M580 Bmep582040 Version-

Schneider-electric ≫ Modicon M580 Bmep582040h Version-

Schneider-electric ≫ Modicon M580 Bmep582040s Version-

Schneider-electric ≫ Modicon M580 Bmep583020 Version-

Schneider-electric ≫ Modicon M580 Bmep583040 Version-

Schneider-electric ≫ Modicon M580 Bmep584020 Version-

Schneider-electric ≫ Modicon M580 Bmep584040 Version-

Schneider-electric ≫ Modicon M580 Bmep584040s Version-

Schneider-electric ≫ Modicon M580 Bmep585040 Version-

Schneider-electric ≫ Modicon M580 Bmep585040c Version-

Schneider-electric ≫ Modicon M580 Bmep586040 Version-

Schneider-electric ≫ Modicon M580 Bmep586040c Version-

Schneider-electric ≫ Modicon Mc80 Bmkc8020301 Version-

Schneider-electric ≫ Modicon Mc80 Bmkc8020310 Version-

Schneider-electric ≫ Modicon Mc80 Bmkc8030311 Version-

Schneider-electric ≫ Modicon Momentum 171cbu78090 Version-

Schneider-electric ≫ Modicon Momentum 171cbu98090 Version-

Schneider-electric ≫ Modicon Momentum 171cbu98091 Version-

Schneider-electric ≫ Modicon Premium Tsxp57 1634m Version-

Schneider-electric ≫ Modicon Premium Tsxp57 2634m Version-

Schneider-electric ≫ Modicon Premium Tsxp57 2834m Version-

Schneider-electric ≫ Modicon Premium Tsxp57 454m Version-

Schneider-electric ≫ Modicon Premium Tsxp57 4634m Version-

Schneider-electric ≫ Modicon Premium Tsxp57 554m Version-

Schneider-electric ≫ Modicon Premium Tsxp57 5634m Version-

Schneider-electric ≫ Modicon Premium Tsxp57 6634m Version-

Schneider-electric ≫ Modicon Quantum 140cpu65150 Version-

Schneider-electric ≫ Modicon Quantum 140cpu65150c Version-

Schneider-electric ≫ Modicon Quantum 140cpu65160 Version-

Schneider-electric ≫ Modicon Quantum 140cpu65160c Version-

Schneider-electric ≫ Plc Simulator For Ecostruxure Control Expert Version-

Schneider-electric ≫ Plc Simulator For Ecostruxure Process Expert Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.46%	0.611

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04

Patch

Vendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-07

Not Applicable

https://nvd.nist.gov/vuln/detail/CVE-2021-22792

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22792

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22792

EUVD