// For flags

CVE-2021-22787

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)

Una CWE-20: Se presenta una vulnerabilidad de Comprobación de Entrada Inapropiada que podría causar una denegación de servicio del dispositivo cuando un atacante envía una petición HTTP especialmente diseñada al servidor web del dispositivo. Producto afectado: CPUs Modicon M340: BMXP34 (Versiones anteriores a V3.40), Módulos de Comunicación Ethernet Modicon M340 X80: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (Todas las versiones), Procesadores Modicon Premium con Ethernet integrada (Copro): TSXP574634, TSXP575634, TSXP576634 (Todas las versiones), Procesadores Modicon Quantum con Ethernet integrado (Copro): 140CPU65xxxxx (Todas las versiones), Módulos de comunicación Modicon Quantum: 140NOE771x1, 140NOC78x00, 140NOC77101 (Todas las versiones), Módulos de comunicación Modicon Premium: TSXETY4103, TSXETY5103 (todas las versiones)

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-01-06 CVE Reserved
  • 2022-02-11 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-10-27 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmxp342020 Firmware
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020 Firmware"
< 3.40
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020 Firmware" and version " < 3.40"
-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmxp342020
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Bmxnoe0100 Firmware
Search vendor "Schneider-electric" for product "Bmxnoe0100 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Bmxnoe0100
Search vendor "Schneider-electric" for product "Bmxnoe0100"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Bmxnoe0110 Firmware
Search vendor "Schneider-electric" for product "Bmxnoe0110 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Bmxnoe0110
Search vendor "Schneider-electric" for product "Bmxnoe0110"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Bmxnoc0401 Firmware
Search vendor "Schneider-electric" for product "Bmxnoc0401 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Bmxnoc0401
Search vendor "Schneider-electric" for product "Bmxnoc0401"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Bmxnor0200h Rtu Firmware
Search vendor "Schneider-electric" for product "Bmxnor0200h Rtu Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Bmxnor0200h Rtu
Search vendor "Schneider-electric" for product "Bmxnor0200h Rtu"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Tsxp574634 Firmware
Search vendor "Schneider-electric" for product "Tsxp574634 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Tsxp574634
Search vendor "Schneider-electric" for product "Tsxp574634"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Tsxp575634 Firmware
Search vendor "Schneider-electric" for product "Tsxp575634 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Tsxp575634
Search vendor "Schneider-electric" for product "Tsxp575634"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Tsxp576634 Firmware
Search vendor "Schneider-electric" for product "Tsxp576634 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Tsxp576634
Search vendor "Schneider-electric" for product "Tsxp576634"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
140cpu65150 Firmware
Search vendor "Schneider-electric" for product "140cpu65150 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
140cpu65150
Search vendor "Schneider-electric" for product "140cpu65150"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
140noe771x1 Firmware
Search vendor "Schneider-electric" for product "140noe771x1 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
140noe771x1
Search vendor "Schneider-electric" for product "140noe771x1"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
140noc78x00 Firmware
Search vendor "Schneider-electric" for product "140noc78x00 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
140noc78x00
Search vendor "Schneider-electric" for product "140noc78x00"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
140noc77101 Firmware
Search vendor "Schneider-electric" for product "140noc77101 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
140noc77101
Search vendor "Schneider-electric" for product "140noc77101"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Tsxety4103 Firmware
Search vendor "Schneider-electric" for product "Tsxety4103 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Tsxety4103
Search vendor "Schneider-electric" for product "Tsxety4103"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Tsxety5103 Firmware
Search vendor "Schneider-electric" for product "Tsxety5103 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Tsxety5103
Search vendor "Schneider-electric" for product "Tsxety5103"
--
Safe