CVE-2021-22786

A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU part numbers BMXP34 Versions prior to V3.30, Modicon M580 CPU par...

The vulnerability of the Modbus TCP protocol implementation in microprogrammed software for programmable logic controllers from Schneider Electric, such as Modicon M340, M580, MC80, Modicon Momentum MDI, Legacy Modicon Quantum/Premium, allows a intruder to trigger a service failure.

The vulnerability of the Modbus TCP protocol implementation in microprogrammed logic controllers from Schneider Electric, such as Modicon M340, M580, MC80, Modicon Momentum MDI, and Legacy Modicon Quantum/Premium, is related to a potential integer overflow. Exploiting this vulnerability could all...

PT-2022-4155 · Schneider Electric · Modicon Quantum/Premium +4

Name of the Vulnerable Software and Affected Versions: Modicon M340 CPU versions V3.40 and prior Modicon M580 CPU versions V3.22 and prior Legacy Modicon Quantum/Premium All Versions Modicon Momentum MDI 171CBU All Versions Modicon MC80 BMKC80 versions V1.7 and prior Description: A CWE-191: Integ...