CVE-2021-22786 — HIGH (7.5)

Q: How severe is CVE-2021-22786?

CVE-2021-22786 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-22786?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M340 Bmxp341000 Firmware, Schneider-Electric Modicon M340 Bmxp341000, Schneider-Electric Modicon M340 Bmxp342000 Firmware, Schneider-Electric Modicon M340 Bmxp342000, Schneider-Electric Modicon M340 Bmxp342010 Firmware.

Vulnerability Description

A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions)

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Schneider-Electric	Modicon M340 Bmxp341000 Firmware	< 3.40
Schneider-Electric	Modicon M340 Bmxp341000	-
Schneider-Electric	Modicon M340 Bmxp342000 Firmware	< 3.40
Schneider-Electric	Modicon M340 Bmxp342000	-
Schneider-Electric	Modicon M340 Bmxp342010 Firmware	< 3.40
Schneider-Electric	Modicon M340 Bmxp342010	-
Schneider-Electric	Modicon M340 Bmxp3420102 Firmware	< 3.40
Schneider-Electric	Modicon M340 Bmxp3420102	-
Schneider-Electric	Modicon M340 Bmxp342020 Firmware	< 3.40
Schneider-Electric	Modicon M340 Bmxp342020	-
Schneider-Electric	Modicon M340 Bmxp342020H Firmware	< 3.40
Schneider-Electric	Modicon M340 Bmxp342020H	-
Schneider-Electric	Modicon M340 Bmxp342030 Firmware	< 3.40
Schneider-Electric	Modicon M340 Bmxp342030	-
Schneider-Electric	Modicon M340 Bmxp3420302 Firmware	< 3.40
Schneider-Electric	Modicon M340 Bmxp3420302	-
Schneider-Electric	Modicon M340 Bmxp3420302H Firmware	< 3.40
Schneider-Electric	Modicon M340 Bmxp3420302H	-
Schneider-Electric	Modicon M340 Bmxp342030H Firmware	< 3.40
Schneider-Electric	Modicon M340 Bmxp342030H	-

Related Weaknesses (CWE)

CWE-200

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04&p_enDocPatchVendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04&p_enDocPatchVendor Advisory

FAQ

What is CVE-2021-22786?

CVE-2021-22786 is a vulnerability with a CVSS score of 7.5 (HIGH). A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affe...

How severe is CVE-2021-22786?

CVE-2021-22786 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-22786?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M340 Bmxp341000 Firmware, Schneider-Electric Modicon M340 Bmxp341000, Schneider-Electric Modicon M340 Bmxp342000 Firmware, Schneider-Electric Modicon M340 Bmxp342000, Schneider-Electric Modicon M340 Bmxp342010 Firmware.