CVE-2021-22789: Buffer Overflow
First published: Thu Sep 02 2021(Updated: )
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider Electric Modicon M340 BMXP341000 | ||
| Schneider Electric Modicon M340 BMXP342010 Firmware | ||
| Schneider Electric Modicon M340 BMXP342020 | ||
| Schneider Electric Modicon M340 BMXP342030H | ||
| schneider-electric Modicon M580 | ||
| Modicon M580 | ||
| schneider-electric Modicon M580 | ||
| schneider-electric Modicon M580 bmeh584040c | ||
| schneider-electric Modicon M580 bmeh584040c firmware | ||
| Schneider Electric Modicon M580 BMEH584040S Firmware | ||
| Schneider Electric Modicon M580 | ||
| Schneider Electric Modicon M580 | ||
| Schneider Electric Modicon M580 | ||
| Schneider Electric Modicon M580 BMEP581020 | ||
| schneider-electric Modicon M580 BMEP581020H firmware | ||
| Modicon M580 | ||
| Modicon M580 | ||
| schneider-electric Modicon M580 | ||
| schneider-electric Modicon M580 | ||
| Schneider Electric Modicon M580 BMEP582040S | ||
| Schneider Electric Modicon M580 BMEP583020 | ||
| Schneider Electric Modicon M580 BMEP583040 | ||
| Schneider Electric Modicon M580 BMEP584020 Firmware | ||
| Schneider Electric Modicon M580 BMEP584040 Firmware | ||
| Schneider Electric Modicon M580 BMEP584040S Firmware | ||
| schneider-electric Modicon M580 BMEP585040C Firmware | ||
| schneider-electric Modicon M580 BMEP585040C Firmware | ||
| schneider-electric modicon m580 bmep586040 firmware | ||
| schneider-electric Modicon M580 bmep586040c firmware | ||
| schneider-electric modicon mc80 bmkc8020301 firmware | ||
| Modicon MC80 Firmware | ||
| Schneider Electric Modicon MC80 | ||
| Schneider Electric Modicon Momentum 171CBU78090 | ||
| Schneider Electric Modicon Momentum 171CBU98090 | ||
| Schneider Electric Modicon Momentum 171CBU98091 Firmware | ||
| schneider-electric Modicon Premium TSXP57 1634m firmware | ||
| Schneider Electric Modicon Premium | ||
| schneider-electric Modicon Premium TSXP57 2834m firmware | ||
| schneider-electric Modicon Premium TSXP57 454m firmware | ||
| schneider-electric Modicon Premium TSXP57 4634m firmware | ||
| schneider-electric Modicon Premium TSXP57 554m firmware | ||
| schneider-electric Modicon Premium TSXP57 5634m firmware | ||
| Schneider Electric Modicon Premium | ||
| schneider-electric Modicon Quantum 140cpu65150 firmware | ||
| schneider-electric Modicon Quantum 140cpu65150c firmware | ||
| schneider-electric Modicon Quantum 140cpu65160c | ||
| Schneider Electric Modicon Quantum 140CPU65160C Firmware | ||
| EcoStruxure Control Expert | ||
| Schneider Electric EcoStruxure Process Expert |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-22789?
CVE-2021-22789 is a vulnerability that allows an attacker to cause a denial of service on the Modicon PLC controller / simulator.
What is the severity of CVE-2021-22789?
The severity of CVE-2021-22789 is medium, with a CVSS score of 6.5.
Which software is affected by CVE-2021-22789?
Schneider-electric Modicon M340 and Modicon M580 CPUs, as well as certain models of the Modicon Momentum, Premium, Quantum, and PLC Simulator for Ecostruxure Control Expert and Ecostruxure Process Expert, are affected by CVE-2021-22789.
How can I fix CVE-2021-22789?
To fix CVE-2021-22789, it is recommended to update the controller application with the latest version provided by Schneider Electric.
Where can I find more information about CVE-2021-22789?
You can find more information about CVE-2021-22789 at the following link: [Schneider Electric Security Advisory SEVD-2021-222-04](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04)
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/type
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider electric modicon m340 bmxp341000
- canonical/schneider electric modicon m340 bmxp342010 firmware
- canonical/schneider electric modicon m340 bmxp342020
- canonical/schneider electric modicon m340 bmxp342030h
- canonical/schneider-electric modicon m580
- canonical/modicon m580
- canonical/schneider-electric modicon m580 bmeh584040c
- canonical/schneider-electric modicon m580 bmeh584040c firmware
- canonical/schneider electric modicon m580 bmeh584040s firmware
- canonical/schneider electric modicon m580
- canonical/schneider electric modicon m580 bmep581020
- canonical/schneider-electric modicon m580 bmep581020h firmware
- canonical/schneider electric modicon m580 bmep582040s
- canonical/schneider electric modicon m580 bmep583020
- canonical/schneider electric modicon m580 bmep583040
- canonical/schneider electric modicon m580 bmep584020 firmware
- canonical/schneider electric modicon m580 bmep584040 firmware
- canonical/schneider electric modicon m580 bmep584040s firmware
- canonical/schneider-electric modicon m580 bmep585040c firmware
- canonical/schneider-electric modicon m580 bmep586040 firmware
- canonical/schneider-electric modicon m580 bmep586040c firmware
- canonical/schneider-electric modicon mc80 bmkc8020301 firmware
- canonical/modicon mc80 firmware
- canonical/schneider electric modicon mc80
- canonical/schneider electric modicon momentum 171cbu78090
- canonical/schneider electric modicon momentum 171cbu98090
- canonical/schneider electric modicon momentum 171cbu98091 firmware
- canonical/schneider-electric modicon premium tsxp57 1634m firmware
- canonical/schneider electric modicon premium
- canonical/schneider-electric modicon premium tsxp57 2834m firmware
- canonical/schneider-electric modicon premium tsxp57 454m firmware
- canonical/schneider-electric modicon premium tsxp57 4634m firmware
- canonical/schneider-electric modicon premium tsxp57 554m firmware
- canonical/schneider-electric modicon premium tsxp57 5634m firmware
- canonical/schneider-electric modicon quantum 140cpu65150 firmware
- canonical/schneider-electric modicon quantum 140cpu65150c firmware
- canonical/schneider-electric modicon quantum 140cpu65160c
- canonical/schneider electric modicon quantum 140cpu65160c firmware
- canonical/ecostruxure control expert
- canonical/schneider electric ecostruxure process expert