First published: Fri Feb 11 2022(Updated: )
A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
Credit: cybersecurity@se.com cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Bmxp342020 Firmware | <3.40 | |
Schneider-electric Bmxp342020 | ||
Schneider-electric Bmxnoe0100 Firmware | ||
Schneider-electric Bmxnoe0100 | ||
Schneider-electric Bmxnoe0110 Firmware | ||
Schneider-electric Bmxnoe0110 | ||
Schneider-electric Bmxnoc0401 Firmware | ||
Schneider-electric Bmxnoc0401 | ||
Schneider-electric Bmxnor0200h Rtu Firmware | ||
Schneider-electric Bmxnor0200h Rtu | ||
Schneider-electric Tsxp574634 Firmware | ||
Schneider-electric Tsxp574634 | ||
Schneider-electric Tsxp575634 Firmware | ||
Schneider-electric Tsxp575634 | ||
Schneider-electric Tsxp576634 Firmware | ||
Schneider-electric Tsxp576634 | ||
Schneider-electric 140cpu65150 Firmware | ||
Schneider-electric 140cpu65150 | ||
Schneider-electric 140noe771x1 Firmware | ||
Schneider-electric 140noe771x1 | ||
Schneider-electric 140noc78x00 Firmware | ||
Schneider-electric 140noc78x00 | ||
Schneider-electric 140noc77101 Firmware | ||
Schneider-electric 140noc77101 | ||
Schneider-electric Tsxety4103 Firmware | ||
Schneider-electric Tsxety4103 | ||
Schneider-electric Tsxety5103 Firmware | ||
Schneider-electric Tsxety5103 | ||
All of | ||
Schneider-electric Modicon M340 Bmxp342020 Firmware | <3.40 | |
Schneider-electric Modicon M340 Bmxp342020 | ||
All of | ||
Schneider-electric Bmxnoe0100 Firmware | ||
Schneider-electric Bmxnoe0100 | ||
All of | ||
Schneider-electric Bmxnoe0110 Firmware | ||
Schneider-electric Bmxnoe0110 | ||
All of | ||
Schneider-electric Bmxnoc0401 Firmware | ||
Schneider-electric Bmxnoc0401 | ||
All of | ||
Schneider-electric Bmxnor0200h Rtu Firmware | ||
Schneider-electric Bmxnor0200h Rtu | ||
All of | ||
Schneider-electric Tsxp574634 Firmware | ||
Schneider-electric Tsxp574634 | ||
All of | ||
Schneider-electric Tsxp575634 Firmware | ||
Schneider-electric Tsxp575634 | ||
All of | ||
Schneider-electric Tsxp576634 Firmware | ||
Schneider-electric Tsxp576634 | ||
All of | ||
Schneider-electric 140cpu65150 Firmware | ||
Schneider-electric 140cpu65150 | ||
All of | ||
Schneider-electric 140noe771x1 Firmware | ||
Schneider-electric 140noe771x1 | ||
All of | ||
Schneider-electric 140noc78x00 Firmware | ||
Schneider-electric 140noc78x00 | ||
All of | ||
Schneider-electric 140noc77101 Firmware | ||
Schneider-electric 140noc77101 | ||
All of | ||
Schneider-electric Tsxety4103 Firmware | ||
Schneider-electric Tsxety4103 | ||
All of | ||
Schneider-electric Tsxety5103 Firmware | ||
Schneider-electric Tsxety5103 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-22787 is a vulnerability that exists in Schneider-electric Modicon M340 CPUs prior to V3.40 and could lead to denial of service when an attacker sends a specially crafted HTTP request.
Modicon M340 CPUs with versions prior to V3.40 are affected by CVE-2021-22787.
CVE-2021-22787 has a severity value of 7.5 (high).
An attacker can exploit CVE-2021-22787 by sending a specially crafted HTTP request to the web server of the affected device.
Yes, updating the Modicon M340 CPU firmware to version V3.40 or later will fix CVE-2021-22787.