CVE-2021-22790

MEDIUM

Modicon M340/M580/MC80/Momentum/Quantum/Premium - Denial of Service via Crafted Project File

Title source: llm
STIX 2.1

Description

A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

References (2)

Core 2

Scores

CVSS v3 6.5
EPSS 0.0083
EPSS Percentile 53.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-125
Status published
Products (50)
None/Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU ( Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34
schneider-electric/modicon_m340_bmxp341000
schneider-electric/modicon_m340_bmxp342010
schneider-electric/modicon_m340_bmxp342020
schneider-electric/modicon_m340_bmxp342030
schneider-electric/modicon_m580_bmeh582040
schneider-electric/modicon_m580_bmeh582040c
schneider-electric/modicon_m580_bmeh582040s
schneider-electric/modicon_m580_bmeh584040
schneider-electric/modicon_m580_bmeh584040c
... and 40 more
Published Sep 02, 2021
Tracked Since Feb 18, 2026