CVE-2021-22785 — HIGH (7.5)

Q: How severe is CVE-2021-22785?

CVE-2021-22785 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-22785?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M340 Bmxp342020 Firmware, Schneider-Electric Modicon M340 Bmxp342020, Schneider-Electric Bmxnoe0100 Firmware, Schneider-Electric Bmxnoe0100, Schneider-Electric Bmxnoe0110 Firmware.

Vulnerability Description

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Schneider-Electric	Modicon M340 Bmxp342020 Firmware	< 3.40
Schneider-Electric	Modicon M340 Bmxp342020	-
Schneider-Electric	Bmxnoe0100 Firmware	All versions
Schneider-Electric	Bmxnoe0100	-
Schneider-Electric	Bmxnoe0110 Firmware	All versions
Schneider-Electric	Bmxnoe0110	-
Schneider-Electric	Bmxnoc0401 Firmware	All versions
Schneider-Electric	Bmxnoc0401	-
Schneider-Electric	Bmxnor0200H Rtu Firmware	All versions
Schneider-Electric	Bmxnor0200H Rtu	-
Schneider-Electric	Tsxp574634 Firmware	All versions
Schneider-Electric	Tsxp574634	-
Schneider-Electric	Tsxp575634 Firmware	All versions
Schneider-Electric	Tsxp575634	-
Schneider-Electric	Tsxp576634 Firmware	All versions
Schneider-Electric	Tsxp576634	-
Schneider-Electric	140Cpu65150 Firmware	All versions
Schneider-Electric	140Cpu65150	-
Schneider-Electric	140Noe771X1 Firmware	All versions
Schneider-Electric	140Noe771X1	-

Related Weaknesses (CWE)

CWE-200

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02PatchVendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02PatchVendor Advisory

FAQ

What is CVE-2021-22785?

CVE-2021-22785 is a vulnerability with a CVSS score of 7.5 (HIGH). A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server o...

How severe is CVE-2021-22785?

CVE-2021-22785 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-22785?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M340 Bmxp342020 Firmware, Schneider-Electric Modicon M340 Bmxp342020, Schneider-Electric Bmxnoe0100 Firmware, Schneider-Electric Bmxnoe0100, Schneider-Electric Bmxnoe0110 Firmware.