PT-2021-7690 · Unknown · Triconex Tcm 4351B+3

Published

2021-05-11

Updated

2021-06-07

CVE-2021-22743

CVSS v2.0

4.3

Medium

Vector

AV:L/AC:L/Au:M/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Triconex Model 3009/3009X MP versions prior to the fixed version Triconex TCM 4351B installed on Tricon V11.3.x systems

Description The issue is related to insufficient checking of exceptional states, which can be exploited by an attacker to cause a denial of service using specially crafted TriStation packets. When the Triconex Communications Module receives malformed TriStation packets while the write-protect keyswitch is in the program position, it could cause a module reset.

Recommendations For Triconex Model 3009/3009X MP, update to a version that includes the fix for this issue. For Triconex TCM 4351B installed on Tricon V11.3.x systems, consider restricting access to the TriStation packets or temporarily disabling the write-protect keyswitch when in the program position to minimize the risk of exploitation.

Fix

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754

Related Identifiers

BDU:2023-01593

CVE-2021-22743

Affected Products

Tristation

Tricon V11.3.X

Triconex Model 3009/3009X Mp

Triconex Tcm 4351B

PT-2021-7690 · Unknown · Triconex Tcm 4351B+3

CVE-2021-22743

Weakness Enumeration

Related Identifiers

Affected Products

References · 6