CVE-2021-22742

Name of the Vulnerable Software and Affected Versions Triconex Model 3009 MP versions 11.3.x

Description The issue is related to an improper check for unusual or exceptional conditions, which could cause a module reset when the Triconex Communications Module (TCM) receives malformed TriStation packets. This can occur when the write-protect keyswitch is in the program position. The vulnerability may allow an attacker to cause a denial of service using specially crafted TriStation packets.

Recommendations For Triconex Model 3009 MP version 11.3.x, consider disabling the reception of TriStation packets when the write-protect keyswitch is in the program position as a temporary workaround until a patch is available. Restrict access to the TCM to minimize the risk of exploitation. Avoid using the TriStation protocol in the affected systems until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.