critical
9.1
CWE
290
Advisory Published
Updated

CVE-2021-22779

First published: Wed Jul 14 2021(Updated: )

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller.

Credit: cybersecurity@se.com

Affected SoftwareAffected VersionHow to fix
Schneider-electric Ecostruxure Control Expert<15.0
Schneider-electric Ecostruxure Control Expert=15.0
Schneider-electric Ecostruxure Control Expert=15.0-sp1
Schneider-electric Ecostruxure Process Expert
Schneider-electric Remoteconnect
Schneider-electric Modicon M580 Bmep581020 Firmware
Schneider-electric Modicon M580 Bmep581020
Schneider-electric Modicon M580 Bmep581020h Firmware
Schneider-electric Modicon M580 Bmep581020h
Schneider-electric Modicon M580 Bmep582020 Firmware
Schneider-electric Modicon M580 Bmep582020
Schneider-electric Modicon M580 Bmep582020h Firmware
Schneider-electric Modicon M580 Bmep582020h
Schneider-electric Modicon M580 Bmep582040 Firmware
Schneider-electric Modicon M580 Bmep582040
Schneider-electric Modicon M580 Bmep582040h Firmware
Schneider-electric Modicon M580 Bmep582040h
Schneider-electric Modicon M580 Bmep582040s Firmware
Schneider-electric Modicon M580 Bmep582040s
Schneider-electric Modicon M580 Bmep583020 Firmware
Schneider-electric Modicon M580 Bmep583020
Schneider-electric Modicon M580 Bmep583040 Firmware
Schneider-electric Modicon M580 Bmep583040
Schneider-electric Modicon M580 Bmep584020 Firmware
Schneider-electric Modicon M580 Bmep584020
Schneider-electric Modicon M580 Bmep584040 Firmware
Schneider-electric Modicon M580 Bmep584040
Schneider-electric Modicon M580 Bmep584040s Firmware
Schneider-electric Modicon M580 Bmep584040s
Schneider-electric Modicon M580 Bmep585040 Firmware
Schneider-electric Modicon M580 Bmep585040
Schneider-electric Modicon M580 Bmep585040c Firmware
Schneider-electric Modicon M580 Bmep585040c
Schneider-electric Modicon M580 Bmep586040 Firmware
Schneider-electric Modicon M580 Bmep586040
Schneider-electric Modicon M580 Bmep586040c Firmware
Schneider-electric Modicon M580 Bmep586040c
Schneider-electric Modicon M580 Bmeh582040 Firmware
Schneider-electric Modicon M580 Bmeh582040
Schneider-electric Modicon M580 Bmeh582040c Firmware
Schneider-electric Modicon M580 Bmeh582040c
Schneider-electric Modicon M580 Bmeh582040s Firmware
Schneider-electric Modicon M580 Bmeh582040s
Schneider-electric Modicon M580 Bmeh584040 Firmware
Schneider-electric Modicon M580 Bmeh584040
Schneider-electric Modicon M580 Bmeh584040c Firmware
Schneider-electric Modicon M580 Bmeh584040c
Schneider-electric Modicon M580 Bmeh584040s Firmware
Schneider-electric Modicon M580 Bmeh584040s
Schneider-electric Modicon M580 Bmeh586040 Firmware
Schneider-electric Modicon M580 Bmeh586040
Schneider-electric Modicon M580 Bmeh586040c Firmware
Schneider-electric Modicon M580 Bmeh586040c
Schneider-electric Modicon M580 Bmeh586040s Firmware
Schneider-electric Modicon M580 Bmeh586040s
Schneider-electric Modicon M340 Bmxp341000 Firmware
Schneider-electric Modicon M340 Bmxp341000
Schneider-electric Modicon M340 Bmxp342010 Firmware
Schneider-electric Modicon M340 Bmxp342010
Schneider-electric Modicon M340 Bmxp342020 Firmware
Schneider-electric Modicon M340 Bmxp342020
Schneider-electric Modicon M340 Bmxp342030 Firmware
Schneider-electric Modicon M340 Bmxp342030

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-22779 vulnerability?

    The severity of CVE-2021-22779 vulnerability is rated as critical with a CVSS score of 9.1.

  • How can I fix the Authentication Bypass by Spoofing vulnerability in EcoStruxure Control Expert?

    To fix the Authentication Bypass by Spoofing vulnerability in EcoStruxure Control Expert, it is recommended to update to version V15.0 SP1 or later.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203