fkie_cve-2021-22787
Vulnerability from fkie_nvd
Published
2022-02-11 18:15
Modified
2024-11-21 05:50
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02Patch, Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m340_bmxp342020 -
schneider-electric bmxnoe0100_firmware *
schneider-electric bmxnoe0100 -
schneider-electric bmxnoe0110_firmware *
schneider-electric bmxnoe0110 -
schneider-electric bmxnoc0401_firmware *
schneider-electric bmxnoc0401 -
schneider-electric bmxnor0200h_rtu_firmware *
schneider-electric bmxnor0200h_rtu -
schneider-electric tsxp574634_firmware *
schneider-electric tsxp574634 -
schneider-electric tsxp575634_firmware *
schneider-electric tsxp575634 -
schneider-electric tsxp576634_firmware *
schneider-electric tsxp576634 -
schneider-electric 140cpu65150_firmware *
schneider-electric 140cpu65150 -
schneider-electric 140noe771x1_firmware *
schneider-electric 140noe771x1 -
schneider-electric 140noc78x00_firmware *
schneider-electric 140noc78x00 -
schneider-electric 140noc77101_firmware *
schneider-electric 140noc77101 -
schneider-electric tsxety4103_firmware *
schneider-electric tsxety4103 -
schneider-electric tsxety5103_firmware *
schneider-electric tsxety5103 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "866BFE7D-D688-40B1-B6E9-B140529001C3",
              "versionEndExcluding": "3.40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E00817A-E140-418F-93AB-A9B516F090A7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80FC6FF2-D662-4A57-AAA6-BC04351DC779",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F33A35-37ED-41AD-94A2-34FEA8E7259B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F3B055-8919-4E09-9827-288F0A03DAFF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEF0DA3B-F89B-487D-AAE6-AEA88E28055A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF08654A-FFCB-47D3-AC82-DF7284548962",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:bmxnor0200h_rtu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9318D16-AA6D-4DE4-B812-D995B291E802",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmxnor0200h_rtu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D792EDB-A93E-495B-AF0A-486C9AC6BACA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C32BDE35-7AC6-44C3-8135-BAA128B44559",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76B1122A-56A2-44BB-8648-C6E96D1966D9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CAEBC02-9BA6-4D36-AC3D-E1CE531F918E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0678A50-FE23-49BD-A6CF-A7094EFDAFA1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23918D88-851B-480E-972E-EB48CAFA7AF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38F83CCC-4A66-4D47-A563-777A16028F3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8048EA69-8FC8-4415-BA20-D2813F8BD83D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC3E5496-C3D0-4DF4-A9AF-F227F889840E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140noe771x1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1468EBB2-8AD8-4886-B4A9-13D1F34EFD8B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140noe771x1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6EFD78F-DB37-4407-A91C-9D01FA9CAF2F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140noc78x00_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6E80811-AE57-4B01-B3D5-4B346A9F3D8F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140noc78x00:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F4A72EA-E15A-4C31-B0F3-6B9EB48A09B2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10B16121-8DC3-4EA1-AC7B-D611A1C3C9A4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B688E46-6D5B-4197-BBA2-23F361E656E0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "066E3E6C-8A0E-4360-A4ED-32A84B7647FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "18B13865-038C-4073-955A-36E6F5037C2C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7B418F6-DCED-40B9-8B35-DC50FD8EF6FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A901BF2-9316-4067-9AFC-8A7CB3549F68",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)"
    },
    {
      "lang": "es",
      "value": "Una CWE-20: Se presenta una vulnerabilidad de Comprobaci\u00f3n de Entrada Inapropiada que podr\u00eda causar una denegaci\u00f3n de servicio del dispositivo cuando un atacante env\u00eda una petici\u00f3n HTTP especialmente dise\u00f1ada al servidor web del dispositivo. Producto afectado: CPUs Modicon M340: BMXP34 (Versiones anteriores a V3.40), M\u00f3dulos de Comunicaci\u00f3n Ethernet Modicon M340 X80: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (Todas las versiones), Procesadores Modicon Premium con Ethernet integrada (Copro): TSXP574634, TSXP575634, TSXP576634 (Todas las versiones), Procesadores Modicon Quantum con Ethernet integrado (Copro): 140CPU65xxxxx (Todas las versiones), M\u00f3dulos de comunicaci\u00f3n Modicon Quantum: 140NOE771x1, 140NOC78x00, 140NOC77101 (Todas las versiones), M\u00f3dulos de comunicaci\u00f3n Modicon Premium: TSXETY4103, TSXETY5103 (todas las versiones)"
    }
  ],
  "id": "CVE-2021-22787",
  "lastModified": "2024-11-21T05:50:40.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-02-11T18:15:09.000",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.