CVE-2021-22788
First published: Fri Feb 11 2022(Updated: )
A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
Credit: cybersecurity@se.com cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Schneider Electric Modicon M340 BMXP342020 Firmware | <3.40 | |
| Schneider Electric Modicon M340 BMXP342020 | ||
| All of | ||
| Schneider Electric BMXNOE0100 Firmware | ||
| schneider-electric bmxnoe0100 | ||
| All of | ||
| schneider-electric BMXNOE0110H | ||
| schneider-electric BMXNOE0110H | ||
| All of | ||
| schneider-electric BMXNOC0401 | ||
| Schneider Electric Modicon M340 BMXNOC0401 | ||
| All of | ||
| schneider-electric BMXNOR0200H RTU | ||
| Schneider Electric BMXNOR200H | ||
| All of | ||
| Schneider Electric Modicon TSXP574634 Firmware | ||
| schneider-electric TSXP574634 firmware | ||
| All of | ||
| schneider-electric TSXP575634 | ||
| schneider-electric tsxp575634mc | ||
| All of | ||
| Schneider Electric TSXP576634 Firmware | ||
| schneider-electric tsxp576634mc | ||
| All of | ||
| Schneider Electric 140CPU65150 Firmware | ||
| Schneider Electric 140CPU65150 Firmware | ||
| All of | ||
| schneider-electric 140NOE771x1 firmware | ||
| Schneider Electric 140 NOE 771x1 Firmware | ||
| All of | ||
| Schneider Electric 140NOC78x00 Firmware | ||
| Schneider Electric 140NOC78x00 Firmware | ||
| All of | ||
| Schneider Electric 140NOC77101 Firmware | ||
| Schneider Electric 140NOC77101 Firmware | ||
| All of | ||
| Schneider Electric TSXETY4103 Firmware | ||
| Schneider Electric TSXETY4103C | ||
| All of | ||
| schneider-electric tsxety5103c firmware | ||
| schneider-electric TSXETY5103 firmware | ||
| schneider-electric BMXP342020H firmware | <3.40 | |
| schneider-electric BMXP342020H firmware | ||
| Schneider Electric BMXNOE0100 Firmware | ||
| schneider-electric bmxnoe0100 | ||
| schneider-electric BMXNOE0110H | ||
| schneider-electric BMXNOE0110H | ||
| schneider-electric BMXNOC0401 | ||
| Schneider Electric Modicon M340 BMXNOC0401 | ||
| schneider-electric BMXNOR0200H RTU | ||
| Schneider Electric BMXNOR200H | ||
| Schneider Electric Modicon TSXP574634 Firmware | ||
| schneider-electric TSXP574634 firmware | ||
| schneider-electric TSXP575634 | ||
| schneider-electric tsxp575634mc | ||
| Schneider Electric TSXP576634 Firmware | ||
| schneider-electric tsxp576634mc | ||
| Schneider Electric 140CPU65150 Firmware | ||
| Schneider Electric 140CPU65150 Firmware | ||
| schneider-electric 140NOE771x1 firmware | ||
| Schneider Electric 140 NOE 771x1 Firmware | ||
| Schneider Electric 140NOC78x00 Firmware | ||
| Schneider Electric 140NOC78x00 Firmware | ||
| Schneider Electric 140NOC77101 Firmware | ||
| Schneider Electric 140NOC77101 Firmware | ||
| Schneider Electric TSXETY4103 Firmware | ||
| Schneider Electric TSXETY4103C | ||
| schneider-electric tsxety5103c firmware | ||
| schneider-electric TSXETY5103 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-22788.
What is the severity level of CVE-2021-22788?
The severity level of CVE-2021-22788 is high.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-787.
Which products are affected by CVE-2021-22788?
The affected product is Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXN.
How can I fix CVE-2021-22788?
To fix CVE-2021-22788, update your Modicon M340 CPUs to version V3.40 or newer.
- agent/type
- agent/references
- agent/remedy
- agent/severity
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/schneider-electric
- canonical/schneider electric modicon m340 bmxp342020 firmware
- canonical/schneider electric modicon m340 bmxp342020
- canonical/schneider electric bmxnoe0100 firmware
- canonical/schneider-electric bmxnoe0100
- canonical/schneider-electric bmxnoe0110h
- canonical/schneider-electric bmxnoc0401
- canonical/schneider electric modicon m340 bmxnoc0401
- canonical/schneider-electric bmxnor0200h rtu
- canonical/schneider electric bmxnor200h
- canonical/schneider electric modicon tsxp574634 firmware
- canonical/schneider-electric tsxp574634 firmware
- canonical/schneider-electric tsxp575634
- canonical/schneider-electric tsxp575634mc
- canonical/schneider electric tsxp576634 firmware
- canonical/schneider-electric tsxp576634mc
- canonical/schneider electric 140cpu65150 firmware
- canonical/schneider-electric 140noe771x1 firmware
- canonical/schneider electric 140 noe 771x1 firmware
- canonical/schneider electric 140noc78x00 firmware
- canonical/schneider electric 140noc77101 firmware
- canonical/schneider electric tsxety4103 firmware
- canonical/schneider electric tsxety4103c
- canonical/schneider-electric tsxety5103c firmware
- canonical/schneider-electric tsxety5103 firmware
- canonical/schneider-electric bmxp342020h firmware