The vulnerability of the programming software simulator PLC EcoStruxure Control Expert, the automation system ProcessExpert, the configuration software SCADAPack RemoteConnect, and the micro-software for programmable logic controllers Modicon M580 and Modicon M340 relates to the bypassing of authentication procedures. This allows a perpetrator to gain access in read-only and write mode.

🗓️ 31 May 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

Spoofing bypasses authentication, enabling read-write access to EcoStruxure Control Expert, ProcessExpert, SCADAPack RemoteConnect, and Modicon M580 and M340.

Reporter	Title	Published	Views	Family All 17
ATTACKERKB	CVE-2021-22779	14 Jul 202100:00	–	attackerkb
Information Security Automation	Last Week’s Security news: Exploits for ForgeRock, vSphere, Apache Tomcat, new Print Spooler vuln, Kaseya Patch and REvil, SolarWinds, Schneider Electric, Bulletins	19 Jul 202116:29	–	avleonov
Circl	CVE-2021-22779	15 Jul 202111:07	–	circl
CNNVD	Schneider Electric EcoStruxure Control Expert 安全漏洞	14 Jul 202100:00	–	cnnvd
CVE	CVE-2021-22779	14 Jul 202114:26	–	cve
Cvelist	CVE-2021-22779	14 Jul 202114:26	–	cvelist
EUVD	EUVD-2021-9914	3 Oct 202520:07	–	euvd
ICS	Schneider Electric Modicon Controllers and Software (Update A)	13 Jul 202100:00	–	ics
NVD	CVE-2021-22779	14 Jul 202115:15	–	nvd
Prion	Design/Logic Flaw	14 Jul 202115:15	–	prion

Vulners

Node

schneider_electric modicon_m340Range<3.50

Source	Link
download	www.download.schneider-electric.com/files
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-22779
fortiguard	www.fortiguard.com/zeroday/FG-VD-20-128
securelist	www.securelist.ru/the-secrets-of-schneider-electrics-umas-protocol/105911/
web	www.web.nvd.nist.gov/view/vuln/detail

02 Jun 2026 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS 39.1

CVSS 29.4

EPSS0.01014