1. Home
  2. CVE Database
  3. CVE-2021-22699
HIGH · 7.5

CVE-2021-22699

Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the contr...

Vulnerability Description

Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
Schneider-ElectricModicon M241 Firmware< 5.1.9.1
Schneider-ElectricModicon M241-
Schneider-ElectricModicon M251 Firmware< 5.1.9.1
Schneider-ElectricModicon M251-

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2021-22699?

CVE-2021-22699 is a vulnerability with a CVSS score of 7.5 (HIGH). Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the contr...

How severe is CVE-2021-22699?

CVE-2021-22699 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-22699?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M241 Firmware, Schneider-Electric Modicon M241, Schneider-Electric Modicon M251 Firmware, Schneider-Electric Modicon M251.