First published: Thu Sep 02 2021
A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure™ Control Expert, including all Unity Pro versions (former name of EcoStruxure™ Control Expert, all versions), PLC Simulator for EcoStruxure™ Process Expert including all HDCS versions (former name of EcoStruxure™ Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Modicon M340 Bmxp341000 | ||
Schneider-electric Modicon M340 Bmxp342010 | ||
Schneider-electric Modicon M340 Bmxp342020 | ||
Schneider-electric Modicon M340 Bmxp342030 | ||
Schneider-electric Modicon M580 Bmeh582040 | ||
Schneider-electric Modicon M580 Bmeh582040c | ||
Schneider-electric Modicon M580 Bmeh582040s | ||
Schneider-electric Modicon M580 Bmeh584040 | ||
Schneider-electric Modicon M580 Bmeh584040c | ||
Schneider-electric Modicon M580 Bmeh584040s | ||
Schneider-electric Modicon M580 Bmeh586040 | ||
Schneider-electric Modicon M580 Bmeh586040c | ||
Schneider-electric Modicon M580 Bmeh586040s | ||
Schneider-electric Modicon M580 Bmep581020 | ||
Schneider-electric Modicon M580 Bmep581020h | ||
Schneider-electric Modicon M580 Bmep582020 | ||
Schneider-electric Modicon M580 Bmep582020h | ||
Schneider-electric Modicon M580 Bmep582040 | ||
Schneider-electric Modicon M580 Bmep582040h | ||
Schneider-electric Modicon M580 Bmep582040s | ||
Schneider-electric Modicon M580 Bmep583020 | ||
Schneider-electric Modicon M580 Bmep583040 | ||
Schneider-electric Modicon M580 Bmep584020 | ||
Schneider-electric Modicon M580 Bmep584040 | ||
Schneider-electric Modicon M580 Bmep584040s | ||
Schneider-electric Modicon M580 Bmep585040 | ||
Schneider-electric Modicon M580 Bmep585040c | ||
Schneider-electric Modicon M580 Bmep586040 | ||
Schneider-electric Modicon M580 Bmep586040c | ||
Schneider-electric Modicon Mc80 Bmkc8020301 | ||
Schneider-electric Modicon Mc80 Bmkc8020310 | ||
Schneider-electric Modicon Mc80 Bmkc8030311 | ||
Schneider-electric Modicon Momentum 171cbu78090 | ||
Schneider-electric Modicon Momentum 171cbu98090 | ||
Schneider-electric Modicon Momentum 171cbu98091 | ||
Schneider-electric Modicon Premium Tsxp57 1634m | ||
Schneider-electric Modicon Premium Tsxp57 2634m | ||
Schneider-electric Modicon Premium Tsxp57 2834m | ||
Schneider-electric Modicon Premium Tsxp57 454m | ||
Schneider-electric Modicon Premium Tsxp57 4634m | ||
Schneider-electric Modicon Premium Tsxp57 554m | ||
Schneider-electric Modicon Premium Tsxp57 5634m | ||
Schneider-electric Modicon Premium Tsxp57 6634m | ||
Schneider-electric Modicon Quantum 140cpu65150 | ||
Schneider-electric Modicon Quantum 140cpu65150c | ||
Schneider-electric Modicon Quantum 140cpu65160 | ||
Schneider-electric Modicon Quantum 140cpu65160c | ||
Schneider-electric Plc Simulator For Ecostruxure Control Expert | ||
Schneider-electric Plc Simulator For Ecostruxure Process Expert | ||
CVE-2021-22792 is a NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file.
CVE-2021-22792 affects Modicon M340 CPU and Modicon M580 CPU with various part numbers and versions.
CVE-2021-22792 has a severity score of 7.5, which is classified as high.
CVE-2021-22792 can be exploited by updating the Modicon PLC controller application with a specially crafted project file.
For more information on CVE-2021-22792, refer to the following links: [Reference 1](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04) and [Reference 2](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-07).