Lucene search

SchneiderCVE-2021-22745

HistoryMay 26, 2021 - 8:15 p.m.

CVE-2021-22745

2021-05-2620:15:09

CWE-754

schneider

web.nvd.nist.gov

cve-2021-22745

triconex

model 3009 mp

vulnerability

tristation

nvd

cve

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

3.9

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

4.1

Confidence

High

EPSS

0.001

Percentile

17.1%

JSON

Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22746, and CVE-2021-22747.

Affected configurations

Nvd

Node

schneider-electrictriconex_model_3009_mp_firmwareRange11.3.0–11.8.0

AND

schneider-electrictriconex_model_3009_mpMatch-

Node

schneider-electrictcm_4351b_firmwareRange11.3.0–11.5.1

schneider-electrictcm_4351b_firmwareMatch11.7.0

AND

schneider-electrictcm_4351bMatch-

VendorProductVersionCPE
schneider-electrictriconex_model_3009_mp_firmware*cpe:2.3:o:schneider-electric:triconex_model_3009_mp_firmware:*:*:*:*:*:*:*:*
schneider-electrictriconex_model_3009_mp-cpe:2.3:h:schneider-electric:triconex_model_3009_mp:-:*:*:*:*:*:*:*
schneider-electrictcm_4351b_firmware*cpe:2.3:o:schneider-electric:tcm_4351b_firmware:*:*:*:*:*:*:*:*
schneider-electrictcm_4351b_firmware11.7.0cpe:2.3:o:schneider-electric:tcm_4351b_firmware:11.7.0:*:*:*:*:*:*:*
schneider-electrictcm_4351b-cpe:2.3:h:schneider-electric:tcm_4351b:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	triconex_model_3009_mp_firmware	*	cpe:2.3:o:schneider-electric:triconex_model_3009_mp_firmware::::::::
schneider-electric	triconex_model_3009_mp	-	cpe:2.3:h:schneider-electric:triconex_model_3009_mp:-:::::::*
schneider-electric	tcm_4351b_firmware	*	cpe:2.3:o:schneider-electric:tcm_4351b_firmware::::::::
schneider-electric	tcm_4351b_firmware	11.7.0	cpe:2.3:o:schneider-electric:tcm_4351b_firmware:11.7.0:::::::*
schneider-electric	tcm_4351b	-	cpe:2.3:h:schneider-electric:tcm_4351b:-:::::::*

CNA Affected

[
  {
    "product": "Triconex Model 3009 MP installed on Tricon V11.3.x systems",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Triconex Model 3009 MP installed on Tricon V11.3.x systems"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-03

Social References

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

3.9

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

4.1

Confidence

High

EPSS

0.001

Percentile

17.1%

JSON

Related for CVE-2021-22745