CVE-2021-22785
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
Una CWE-200: Se presenta una vulnerabilidad de Exposición de Información que podría causar un filtrado de información confidencial de archivos ubicados en el directorio root de la web cuando un atacante envía una petición HTTP al servidor web del dispositivo. Producto afectado: CPUs Modicon M340: BMXP34 (Versiones anteriores a V3.40), Módulos de Comunicación Ethernet Modicon M340 X80: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (Todas las versiones), Procesadores Modicon Premium con Ethernet integrada (Copro): TSXP574634, TSXP575634, TSXP576634 (Todas las versiones), Procesadores Modicon Quantum con Ethernet integrado (Copro): 140CPU65xxxxx (Todas las versiones), Módulos de comunicación Modicon Quantum: 140NOE771x1, 140NOC78x00, 140NOC77101 (Todas las versiones), Módulos de comunicación Modicon Premium: TSXETY4103, TSXETY5103 (todas las versiones)
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-06 CVE Reserved
- 2022-02-11 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 | 2024-04-10 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342020 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020 Firmware" | < 3.40 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020 Firmware" and version " < 3.40" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342020 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Bmxnoe0100 Firmware Search vendor "Schneider-electric" for product "Bmxnoe0100 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Bmxnoe0100 Search vendor "Schneider-electric" for product "Bmxnoe0100" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Bmxnoe0110 Firmware Search vendor "Schneider-electric" for product "Bmxnoe0110 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Bmxnoe0110 Search vendor "Schneider-electric" for product "Bmxnoe0110" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Bmxnoc0401 Firmware Search vendor "Schneider-electric" for product "Bmxnoc0401 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Bmxnoc0401 Search vendor "Schneider-electric" for product "Bmxnoc0401" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Bmxnor0200h Rtu Firmware Search vendor "Schneider-electric" for product "Bmxnor0200h Rtu Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Bmxnor0200h Rtu Search vendor "Schneider-electric" for product "Bmxnor0200h Rtu" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tsxp574634 Firmware Search vendor "Schneider-electric" for product "Tsxp574634 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tsxp574634 Search vendor "Schneider-electric" for product "Tsxp574634" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tsxp575634 Firmware Search vendor "Schneider-electric" for product "Tsxp575634 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tsxp575634 Search vendor "Schneider-electric" for product "Tsxp575634" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tsxp576634 Firmware Search vendor "Schneider-electric" for product "Tsxp576634 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tsxp576634 Search vendor "Schneider-electric" for product "Tsxp576634" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140cpu65150 Firmware Search vendor "Schneider-electric" for product "140cpu65150 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu65150 Search vendor "Schneider-electric" for product "140cpu65150" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140noe771x1 Firmware Search vendor "Schneider-electric" for product "140noe771x1 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140noe771x1 Search vendor "Schneider-electric" for product "140noe771x1" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140noc78x00 Firmware Search vendor "Schneider-electric" for product "140noc78x00 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140noc78x00 Search vendor "Schneider-electric" for product "140noc78x00" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140noc77101 Firmware Search vendor "Schneider-electric" for product "140noc77101 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140noc77101 Search vendor "Schneider-electric" for product "140noc77101" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tsxety4103 Firmware Search vendor "Schneider-electric" for product "Tsxety4103 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tsxety4103 Search vendor "Schneider-electric" for product "Tsxety4103" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tsxety5103 Firmware Search vendor "Schneider-electric" for product "Tsxety5103 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tsxety5103 Search vendor "Schneider-electric" for product "Tsxety5103" | - | - |
Safe
|