CVE-2021-22786

CVSS V2 None CVSS V3 None

Description

A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions)

Overview

CVE ID
CVE-2021-22786

Assigner
cybersecurity@se.com

Vulnerability Status
Analyzed

Published Version
2023-02-01T04:15:08

Last Modified Date
2023-02-08T17:04:19

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
		AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware::::::::	1	OR	3.40
cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware::::::::	1	OR	3.40
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware::::::::	1	OR	3.40
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware::::::::	1	OR	3.40
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware::::::::	1	OR	3.40
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware::::::::	1	OR	3.40
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware::::::::	1	OR	3.40
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware::::::::	1	OR	3.40
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware::::::::	1	OR	3.40
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware::::::::	1	OR	3.40
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware::::::::	1	OR	3.20
cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_momentum_171cbu78090_firmware::::::::	1	OR	2.4
cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_momentum_171cbu98090_firmware::::::::	1	OR	2.4
cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_momentum_171cbu98091_firmware::::::::	1	OR	2.4
cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8020301_firmware::::::::	1	OR	1.70
cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8020310_firmware::::::::	1	OR	1.70
cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:::::::*	0	OR
		AND
cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8030311_firmware::::::::	1	OR	1.70
cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:-:::::::*	0	OR

References

Reference URL	Reference Tags
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification.pdf	Patch Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2021-22786
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22786

History

Created	Old Value	New Value	Data Type	Notes
2023-04-17 07:01:32				Added to TrackCVE
2023-04-17 07:01:35			Weakness Enumeration	new