CVE-2021-22788
First published: Fri Feb 11 2022(Updated: )
A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
Credit: cybersecurity@se.com cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Bmxp342020 Firmware | <3.40 | |
| Schneider-electric Bmxp342020 | ||
| Schneider-electric Bmxnoe0100 Firmware | ||
| Schneider-electric Bmxnoe0100 | ||
| Schneider-electric Bmxnoe0110 Firmware | ||
| Schneider-electric Bmxnoe0110 | ||
| Schneider-electric Bmxnoc0401 Firmware | ||
| Schneider-electric Bmxnoc0401 | ||
| Schneider-electric Bmxnor0200h Rtu Firmware | ||
| Schneider-electric Bmxnor0200h Rtu | ||
| Schneider-electric Tsxp574634 Firmware | ||
| Schneider-electric Tsxp574634 | ||
| Schneider-electric Tsxp575634 Firmware | ||
| Schneider-electric Tsxp575634 | ||
| Schneider-electric Tsxp576634 Firmware | ||
| Schneider-electric Tsxp576634 | ||
| Schneider-electric 140cpu65150 Firmware | ||
| Schneider-electric 140cpu65150 | ||
| Schneider-electric 140noe771x1 Firmware | ||
| Schneider-electric 140noe771x1 | ||
| Schneider-electric 140noc78x00 Firmware | ||
| Schneider-electric 140noc78x00 | ||
| Schneider-electric 140noc77101 Firmware | ||
| Schneider-electric 140noc77101 | ||
| Schneider-electric Tsxety4103 Firmware | ||
| Schneider-electric Tsxety4103 | ||
| Schneider-electric Tsxety5103 Firmware | ||
| Schneider-electric Tsxety5103 | ||
| All of | ||
| Schneider-electric Modicon M340 Bmxp342020 Firmware | <3.40 | |
| Schneider-electric Modicon M340 Bmxp342020 | ||
| All of | ||
| Schneider-electric Bmxnoe0100 Firmware | ||
| Schneider-electric Bmxnoe0100 | ||
| All of | ||
| Schneider-electric Bmxnoe0110 Firmware | ||
| Schneider-electric Bmxnoe0110 | ||
| All of | ||
| Schneider-electric Bmxnoc0401 Firmware | ||
| Schneider-electric Bmxnoc0401 | ||
| All of | ||
| Schneider-electric Bmxnor0200h Rtu Firmware | ||
| Schneider-electric Bmxnor0200h Rtu | ||
| All of | ||
| Schneider-electric Tsxp574634 Firmware | ||
| Schneider-electric Tsxp574634 | ||
| All of | ||
| Schneider-electric Tsxp575634 Firmware | ||
| Schneider-electric Tsxp575634 | ||
| All of | ||
| Schneider-electric Tsxp576634 Firmware | ||
| Schneider-electric Tsxp576634 | ||
| All of | ||
| Schneider-electric 140cpu65150 Firmware | ||
| Schneider-electric 140cpu65150 | ||
| All of | ||
| Schneider-electric 140noe771x1 Firmware | ||
| Schneider-electric 140noe771x1 | ||
| All of | ||
| Schneider-electric 140noc78x00 Firmware | ||
| Schneider-electric 140noc78x00 | ||
| All of | ||
| Schneider-electric 140noc77101 Firmware | ||
| Schneider-electric 140noc77101 | ||
| All of | ||
| Schneider-electric Tsxety4103 Firmware | ||
| Schneider-electric Tsxety4103 | ||
| All of | ||
| Schneider-electric Tsxety5103 Firmware | ||
| Schneider-electric Tsxety5103 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-22788.
What is the severity level of CVE-2021-22788?
The severity level of CVE-2021-22788 is high.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-787.
Which products are affected by CVE-2021-22788?
The affected product is Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXN.
How can I fix CVE-2021-22788?
To fix CVE-2021-22788, update your Modicon M340 CPUs to version V3.40 or newer.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/schneider-electric
- canonical/schneider-electric bmxp342020 firmware
- canonical/schneider-electric bmxp342020
- canonical/schneider-electric bmxnoe0100 firmware
- canonical/schneider-electric bmxnoe0100
- canonical/schneider-electric bmxnoe0110 firmware
- canonical/schneider-electric bmxnoe0110
- canonical/schneider-electric bmxnoc0401 firmware
- canonical/schneider-electric bmxnoc0401
- canonical/schneider-electric bmxnor0200h rtu firmware
- canonical/schneider-electric bmxnor0200h rtu
- canonical/schneider-electric tsxp574634 firmware
- canonical/schneider-electric tsxp574634
- canonical/schneider-electric tsxp575634 firmware
- canonical/schneider-electric tsxp575634
- canonical/schneider-electric tsxp576634 firmware
- canonical/schneider-electric tsxp576634
- canonical/schneider-electric 140cpu65150 firmware
- canonical/schneider-electric 140cpu65150
- canonical/schneider-electric 140noe771x1 firmware
- canonical/schneider-electric 140noe771x1
- canonical/schneider-electric 140noc78x00 firmware
- canonical/schneider-electric 140noc78x00
- canonical/schneider-electric 140noc77101 firmware
- canonical/schneider-electric 140noc77101
- canonical/schneider-electric tsxety4103 firmware
- canonical/schneider-electric tsxety4103
- canonical/schneider-electric tsxety5103 firmware
- canonical/schneider-electric tsxety5103
- canonical/schneider-electric modicon m340 bmxp342020 firmware
- canonical/schneider-electric modicon m340 bmxp342020