{"id": "CVE-2021-22788", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-02-11T18:15:09.057", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02", "tags": ["Patch", "Vendor Advisory"], "source": "cybersecurity@se.com"}, {"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)"}, {"lang": "es", "value": "Una CWE-787: Se presenta una vulnerabilidad de Escritura Fuera de L\u00edmites que podr\u00eda causar una denegaci\u00f3n de servicio cuando un atacante env\u00eda una petici\u00f3n HTTP especialmente dise\u00f1ada al servidor web del dispositivo. Producto afectado: CPUs Modicon M340: BMXP34 (Versiones anteriores a V3.40), M\u00f3dulos de Comunicaci\u00f3n Ethernet Modicon M340 X80: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (Todas las versiones), Procesadores Modicon Premium con Ethernet integrada (Copro): TSXP574634, TSXP575634, TSXP576634 (Todas las versiones), Procesadores Modicon Quantum con Ethernet integrado (Copro): 140CPU65xxxxx (Todas las versiones), M\u00f3dulos de comunicaci\u00f3n Modicon Quantum: 140NOE771x1, 140NOC78x00, 140NOC77101 (Todas las versiones), M\u00f3dulos de comunicaci\u00f3n Modicon Premium: TSXETY4103, TSXETY5103 (todas las versiones)"}], "lastModified": "2024-11-21T05:50:40.227", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "866BFE7D-D688-40B1-B6E9-B140529001C3", "versionEndExcluding": "3.40"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E00817A-E140-418F-93AB-A9B516F090A7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80FC6FF2-D662-4A57-AAA6-BC04351DC779"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2F33A35-37ED-41AD-94A2-34FEA8E7259B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "98F3B055-8919-4E09-9827-288F0A03DAFF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEF0DA3B-F89B-487D-AAE6-AEA88E28055A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DF08654A-FFCB-47D3-AC82-DF7284548962"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:bmxnor0200h_rtu_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9318D16-AA6D-4DE4-B812-D995B291E802"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:bmxnor0200h_rtu:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8D792EDB-A93E-495B-AF0A-486C9AC6BACA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C32BDE35-7AC6-44C3-8135-BAA128B44559"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "76B1122A-56A2-44BB-8648-C6E96D1966D9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CAEBC02-9BA6-4D36-AC3D-E1CE531F918E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A0678A50-FE23-49BD-A6CF-A7094EFDAFA1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23918D88-851B-480E-972E-EB48CAFA7AF4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "38F83CCC-4A66-4D47-A563-777A16028F3B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8048EA69-8FC8-4415-BA20-D2813F8BD83D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EC3E5496-C3D0-4DF4-A9AF-F227F889840E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140noe771x1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1468EBB2-8AD8-4886-B4A9-13D1F34EFD8B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140noe771x1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A6EFD78F-DB37-4407-A91C-9D01FA9CAF2F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140noc78x00_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6E80811-AE57-4B01-B3D5-4B346A9F3D8F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140noc78x00:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9F4A72EA-E15A-4C31-B0F3-6B9EB48A09B2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10B16121-8DC3-4EA1-AC7B-D611A1C3C9A4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0B688E46-6D5B-4197-BBA2-23F361E656E0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "066E3E6C-8A0E-4360-A4ED-32A84B7647FC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "18B13865-038C-4073-955A-36E6F5037C2C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7B418F6-DCED-40B9-8B35-DC50FD8EF6FD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A901BF2-9316-4067-9AFC-8A7CB3549F68"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@se.com"}