CVE-2021-22790

MEDIUM

Modicon <all - Denial of Service

Title source: llm

Description

A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

References (2)

Core 2

Core References

Not Applicable x_refsource_misc

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05

Patch, Vendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04

Scores

CVSS v3 6.5

EPSS 0.0044

EPSS Percentile 63.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-125

Status published

Products (49)

schneider-electric/modicon_m340_bmxp341000

schneider-electric/modicon_m340_bmxp342010

schneider-electric/modicon_m340_bmxp342020

schneider-electric/modicon_m340_bmxp342030

schneider-electric/modicon_m580_bmeh582040

schneider-electric/modicon_m580_bmeh582040c

schneider-electric/modicon_m580_bmeh582040s

schneider-electric/modicon_m580_bmeh584040

schneider-electric/modicon_m580_bmeh584040c

schneider-electric/modicon_m580_bmeh584040s

... and 39 more

Published Sep 02, 2021

Tracked Since Feb 18, 2026