CVE-2021-22779
Severity Score
9.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller.
Se presenta una vulnerabilidad de Omisión de Autenticación por Spoofing en EcoStruxure Control Expert (todas las versiones anteriores a V15.0 SP1, incluyendo todas las versiones de Unity Pro), EcoStruxure Control Expert versión V15.0 SP1, EcoStruxure Process Expert (todas las versiones, incluyendo todas las versiones de EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (todas las versiones), Modicon M580 CPU (todas las versiones - números de parte BMEP* y BMEH*), Modicon M340 CPU (todas las versiones - números de parte BMXP34*), que podría causar un acceso no autorizado en modo de lectura y escritura al controlador mediante el spoofing de la comunicación Modbus entre el software de ingeniería y el controlador
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-06 CVE Reserved
- 2021-07-14 CVE Published
- 2024-03-29 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-290: Authentication Bypass by Spoofing
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01 | 2021-07-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep581020 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep581020 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep581020 Search vendor "Schneider-electric" for product "Modicon M580 Bmep581020" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep581020h Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep581020h Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep581020h Search vendor "Schneider-electric" for product "Modicon M580 Bmep581020h" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep582020 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep582020 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep582020 Search vendor "Schneider-electric" for product "Modicon M580 Bmep582020" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep582020h Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep582020h Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep582020h Search vendor "Schneider-electric" for product "Modicon M580 Bmep582020h" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep582040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep582040 Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep582040h Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040h Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep582040h Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040h" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep582040s Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040s Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep582040s Search vendor "Schneider-electric" for product "Modicon M580 Bmep582040s" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep583020 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep583020 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep583020 Search vendor "Schneider-electric" for product "Modicon M580 Bmep583020" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep583040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep583040 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep583040 Search vendor "Schneider-electric" for product "Modicon M580 Bmep583040" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep584020 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep584020 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep584020 Search vendor "Schneider-electric" for product "Modicon M580 Bmep584020" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep584040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep584040 Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep584040s Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040s Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep584040s Search vendor "Schneider-electric" for product "Modicon M580 Bmep584040s" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep585040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep585040 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep585040 Search vendor "Schneider-electric" for product "Modicon M580 Bmep585040" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep585040c Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep585040c Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep585040c Search vendor "Schneider-electric" for product "Modicon M580 Bmep585040c" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep586040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep586040 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep586040 Search vendor "Schneider-electric" for product "Modicon M580 Bmep586040" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep586040c Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmep586040c Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmep586040c Search vendor "Schneider-electric" for product "Modicon M580 Bmep586040c" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh582040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmeh582040 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh582040 Search vendor "Schneider-electric" for product "Modicon M580 Bmeh582040" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh582040c Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmeh582040c Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh582040c Search vendor "Schneider-electric" for product "Modicon M580 Bmeh582040c" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh582040s Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmeh582040s Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh582040s Search vendor "Schneider-electric" for product "Modicon M580 Bmeh582040s" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh584040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmeh584040 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh584040 Search vendor "Schneider-electric" for product "Modicon M580 Bmeh584040" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh584040c Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmeh584040c Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh584040c Search vendor "Schneider-electric" for product "Modicon M580 Bmeh584040c" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh584040s Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmeh584040s Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh584040s Search vendor "Schneider-electric" for product "Modicon M580 Bmeh584040s" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh586040 Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmeh586040 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh586040 Search vendor "Schneider-electric" for product "Modicon M580 Bmeh586040" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh586040c Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmeh586040c Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh586040c Search vendor "Schneider-electric" for product "Modicon M580 Bmeh586040c" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh586040s Firmware Search vendor "Schneider-electric" for product "Modicon M580 Bmeh586040s Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M580 Bmeh586040s Search vendor "Schneider-electric" for product "Modicon M580 Bmeh586040s" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp341000 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp341000 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp341000 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp341000" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342010 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342010 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342010 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342010" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342020 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342020 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342030 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342030 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342030 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342030" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Ecostruxure Control Expert Search vendor "Schneider-electric" for product "Ecostruxure Control Expert" | < 15.0 Search vendor "Schneider-electric" for product "Ecostruxure Control Expert" and version " < 15.0" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Ecostruxure Control Expert Search vendor "Schneider-electric" for product "Ecostruxure Control Expert" | 15.0 Search vendor "Schneider-electric" for product "Ecostruxure Control Expert" and version "15.0" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Ecostruxure Control Expert Search vendor "Schneider-electric" for product "Ecostruxure Control Expert" | 15.0 Search vendor "Schneider-electric" for product "Ecostruxure Control Expert" and version "15.0" | sp1 |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Ecostruxure Process Expert Search vendor "Schneider-electric" for product "Ecostruxure Process Expert" | * | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Remoteconnect Search vendor "Schneider-electric" for product "Remoteconnect" | * | scadapack_x70 |
Affected
| ||||||