CVE-2021-22786

Name of the Vulnerable Software and Affected Versions Modicon M340 CPU versions prior to V3.30 Modicon M580 CPU versions prior to SV3.20 Modicon MC80 versions prior to V1.6 Modicon M580 CPU Safety version all Modicon Momentum MDI versions prior to V2.3 Legacy Modicon Quantum version all

Description A CWE-200: Information Exposure issue exists, potentially exposing sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. This could allow a remote attacker to gain unauthorized access to protected information.

Recommendations For Modicon M340 CPU versions prior to V3.30, update to version V3.30 or later. For Modicon M580 CPU versions prior to SV3.20, update to version SV3.20 or later. For Modicon MC80 versions prior to V1.6, update to version V1.6 or later. For Modicon M580 CPU Safety, consider disabling the Modbus TCP protocol until a patch is available. For Modicon Momentum MDI versions prior to V2.3, update to version V2.3 or later. For Legacy Modicon Quantum, consider restricting access to the Modbus TCP protocol to minimize the risk of exploitation.