PT-2021-7830 · Schneider Electric · Modicon MC80 +7

Published: 2021-08-10 · Updated: 2021-09-13 · CVE-2021-22790

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Modicon M580 CPU versions all
Modicon M340 CPU versions all
Modicon MC80 versions all
Modicon Momentum Ethernet CPU versions all
PLC Simulator for EcoStruxure Control Expert versions all
PLC Simulator for EcoStruxure Process Expert versions all
Modicon Quantum CPU versions all
Modicon Premium CPU versions all

Description

The issue is an out-of-bounds read in memory that could allow a remote attacker to cause a denial of service. It is triggered when a specially crafted project file is used to update the controller application.

Recommendations

For each of the following products, update to a version that includes a fix for this issue:

Modicon M580 CPU
Modicon M340 CPU
Modicon MC80
Modicon Momentum Ethernet CPU
PLC Simulator for EcoStruxure Control Expert
PLC Simulator for EcoStruxure Process Expert
Modicon Quantum CPU
Modicon Premium CPU

As a temporary workaround, consider restricting access to the controller application until a patch is available.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2023-03448
CVE-2021-22790

Affected Products

Modicon M340 CPU
Modicon M580 CPU
Modicon MC80
Modicon Momentum Ethernet CPU
Modicon Premium CPU
Modicon Quantum CPU
PLC Simulator for EcoStruxure Control Expert
PLC Simulator for EcoStruxure Process Expert