CVE-2021-22792

Name of the Vulnerable Software and Affected Versions Modicon M580 CPU versions all Modicon M340 CPU versions all Modicon MC80 versions all Modicon Momentum Ethernet CPU versions all PLC Simulator for EcoStruxure Control Expert versions all PLC Simulator for EcoStruxure Process Expert versions all Modicon Quantum CPU versions all Modicon Premium CPU versions all

Description The issue is related to a NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller or simulator when updating the controller application with a specially crafted project file. This vulnerability is associated with the exploitation of a null pointer dereference, which can be triggered remotely.

Recommendations For Modicon M580 CPU, update to a version that includes a fix for this issue. For Modicon M340 CPU, update to a version that includes a fix for this issue. For Modicon MC80, update to a version that includes a fix for this issue. For Modicon Momentum Ethernet CPU, update to a version that includes a fix for this issue. For PLC Simulator for EcoStruxure Control Expert, update to a version that includes a fix for this issue. For PLC Simulator for EcoStruxure Process Expert, update to a version that includes a fix for this issue. For Modicon Quantum CPU, update to a version that includes a fix for this issue. For Modicon Premium CPU, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the controller application update functionality until a patch is available.