Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2021-22786

Published: 01/02/2023 Updated: 08/02/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Schneider-electric

Vulnerability Summary

A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

schneider-electric modicon_m340_bmxp341000_firmware

schneider-electric modicon_m340_bmxp342000_firmware

schneider-electric modicon_m340_bmxp342010_firmware

schneider-electric modicon_m340_bmxp3420102_firmware

schneider-electric modicon_m340_bmxp342020_firmware

schneider-electric modicon_m340_bmxp342020h_firmware

schneider-electric modicon_m340_bmxp342030_firmware

schneider-electric modicon_m340_bmxp3420302_firmware

schneider-electric modicon_m340_bmxp3420302h_firmware

schneider-electric modicon_m340_bmxp342030h_firmware

schneider-electric modicon_m580_bmeh582040_firmware

schneider-electric modicon_m580_bmeh582040c_firmware

schneider-electric modicon_m580_bmeh582040s_firmware

schneider-electric modicon_m580_bmeh584040_firmware

schneider-electric modicon_m580_bmeh584040c_firmware

schneider-electric modicon_m580_bmeh584040s_firmware

schneider-electric modicon_m580_bmeh586040_firmware

schneider-electric modicon_m580_bmeh586040c_firmware

schneider-electric modicon_m580_bmeh586040s_firmware

schneider-electric modicon_m580_bmep581020_firmware

schneider-electric modicon_m580_bmep581020h_firmware

schneider-electric modicon_m580_bmep582020_firmware

schneider-electric modicon_m580_bmep582020h_firmware

schneider-electric modicon_m580_bmep582040_firmware

schneider-electric modicon_m580_bmep582040h_firmware

schneider-electric modicon_m580_bmep582040s_firmware

schneider-electric modicon_m580_bmep583020_firmware

schneider-electric modicon_m580_bmep583040_firmware

schneider-electric modicon_m580_bmep584020_firmware

schneider-electric modicon_m580_bmep584040_firmware

schneider-electric modicon_m580_bmep584040s_firmware

schneider-electric modicon_m580_bmep585040_firmware

schneider-electric modicon_m580_bmep585040c_firmware

schneider-electric modicon_m580_bmep586040_firmware

schneider-electric modicon_m580_bmep586040c_firmware

schneider-electric modicon_momentum_171cbu78090_firmware

schneider-electric modicon_momentum_171cbu98090_firmware

schneider-electric modicon_momentum_171cbu98091_firmware

schneider-electric modicon_mc80_bmkc8020301_firmware

schneider-electric modicon_mc80_bmkc8020310_firmware

schneider-electric modicon_mc80_bmkc8030311_firmware

References

CWE-200https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification.pdfhttps://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook