Lucene search

[email protected]CVE-2021-22787

HistoryFeb 11, 2022 - 6:15 p.m.

CVE-2021-22787

2022-02-1118:15:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2021-22787

cwe-20

modicon m340

denial of service

http

vulnerability

nvd

security

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

33.0%

JSON

A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)

CPENameOperatorVersion
schneider-electric:modicon_m340_bmxp342020_firmwareschneider-electric modicon m340 bmxp342020 firmwarelt3.40
schneider-electric:bmxnoe0100_firmwareschneider-electric bmxnoe0100 firmwareeq*
schneider-electric:bmxnoe0110_firmwareschneider-electric bmxnoe0110 firmwareeq*
schneider-electric:bmxnoc0401_firmwareschneider-electric bmxnoc0401 firmwareeq*
schneider-electric:bmxnor0200h_rtu_firmwareschneider-electric bmxnor0200h rtu firmwareeq*
schneider-electric:tsxp574634_firmwareschneider-electric tsxp574634 firmwareeq*
schneider-electric:tsxp575634_firmwareschneider-electric tsxp575634 firmwareeq*
schneider-electric:tsxp576634_firmwareschneider-electric tsxp576634 firmwareeq*
schneider-electric:140cpu65150_firmwareschneider-electric 140cpu65150 firmwareeq*
schneider-electric:140noe771x1_firmwareschneider-electric 140noe771x1 firmwareeq*

CPE	Name	Operator	Version
schneider-electric:modicon_m340_bmxp342020_firmware	schneider-electric modicon m340 bmxp342020 firmware	lt	3.40
schneider-electric:bmxnoe0100_firmware	schneider-electric bmxnoe0100 firmware	eq	*
schneider-electric:bmxnoe0110_firmware	schneider-electric bmxnoe0110 firmware	eq	*
schneider-electric:bmxnoc0401_firmware	schneider-electric bmxnoc0401 firmware	eq	*
schneider-electric:bmxnor0200h_rtu_firmware	schneider-electric bmxnor0200h rtu firmware	eq	*
schneider-electric:tsxp574634_firmware	schneider-electric tsxp574634 firmware	eq	*
schneider-electric:tsxp575634_firmware	schneider-electric tsxp575634 firmware	eq	*
schneider-electric:tsxp576634_firmware	schneider-electric tsxp576634 firmware	eq	*
schneider-electric:140cpu65150_firmware	schneider-electric 140cpu65150 firmware	eq	*
schneider-electric:140noe771x1_firmware	schneider-electric 140noe771x1 firmware	eq	*

Rows per page:

1-10 of 141

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

33.0%

JSON

Related for CVE-2021-22787

prion1 cnvd1 nessus1 cvelist1