PT-2021-15175 · Schneider Electric · Modicon M241+1

Published

2021-05-26

Updated

2022-02-03

CVE-2021-22699

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Modicon M241/M251 logic controllers firmware versions prior to V5.1.9.1

Description The issue is related to improper input validation, which could cause a denial of service when specific crafted requests are sent to the controller over HTTP.

Recommendations For Modicon M241/M251 logic controllers firmware versions prior to V5.1.9.1, update to version V5.1.9.1 or later to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2021-22699

Affected Products

Modicon M241

Modicon M251

PT-2021-15175 · Schneider Electric · Modicon M241+1

CVE-2021-22699

Weakness Enumeration

Related Identifiers

Affected Products

References · 6