PT-2021-7528 · Schneider Electric · Modicon M340 Cpu (+5 more products)
Pham Van Khanh (+1) · Published 2021-09-14 · Updated 2024-04-10
CVE-2021-22788
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Modicon M340 CPUs (versions prior to V3.40)
Modicon M340 X80 Ethernet Communication Modules (all versions)
Modicon Premium Processors with integrated Ethernet (all versions)
Modicon Quantum Processors with Integrated Ethernet (all versions)
Modicon Quantum Communication Modules (all versions)
Modicon Premium Communication Modules (all versions)
Description
The issue is a buffer overflow in the software of the affected programmable logic controllers. An attacker can exploit it by sending specially crafted HTTP requests, potentially causing a denial of service.
Recommendations
For Modicon M340 CPUs versions prior to V3.40, update to version V3.40 or later.
For Modicon M340 X80 Ethernet Communication Modules, restrict access to the web server until a patch is available.
For Modicon Premium Processors with integrated Ethernet, consider disabling the HTTP server functionality until a fix is provided.
For Modicon Quantum Processors with Integrated Ethernet, avoid using the vulnerable communication modules until an update is released.
For Modicon Quantum Communication Modules and Modicon Premium Communication Modules, limit network exposure to these modules until a patch is available.
Fix
Memory Corruption
Affected Products
Modicon M340 Cpu
Modicon M340 X80 Ethernet Communication Modules
Modicon Premium Communication Modules
Modicon Premium Processors
Modicon Quantum Communication Modules
Modicon Quantum Processors