CVE-2021-22792

{"id": "CVE-2021-22792", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-09-02T17:15:08.343", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04", "tags": ["Patch", "Vendor Advisory"], "source": "nvd@nist.gov"}, {"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-07", "tags": ["Not Applicable"], "source": "cybersecurity@se.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."}, {"lang": "es", "value": "Una CWE-476: Una vulnerabilidad de Desreferencia de Puntero NULL que podr\u00eda causar una Denegaci\u00f3n de Servicio en el controlador/simulador del PLC Modicon cuando se actualiza la aplicaci\u00f3n del controlador con un archivo de proyecto especialmente dise\u00f1ado se presenta en Modicon M580 CPU (n\u00fameros de pieza BMEP* and BMEH*, todas las versiones), Modicon M340 CPU (n\u00fameros de pieza BMXP34*, todas las versiones), Modicon MC80 (n\u00fameros de pieza BMKC80*, todas las versiones), Modicon Momentum Ethernet CPU (n\u00fameros de pieza 171CBU*, todas las versiones), PLC Simulator para EcoStruxure\u00aa Control Expert, incluidas todas las versiones Unity Pro (antiguo nombre de EcoStruxure\u00aa Control Expert, todas las versiones), PLC Simulator para EcoStruxure\u00aa Process Expert, incluidas todas las versiones HDCS (antiguo nombre de EcoStruxure\u00aa Process Expert, todas las versiones), Modicon Quantum CPU (n\u00fameros de pieza 140CPU*, todas las versiones), Modicon Premium CPU (n\u00fameros de pieza TSXP5*, todas las versiones)"}], "lastModified": "2021-09-13T18:14:53.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "833B2455-5D39-4457-9D6F-0CD738A2EB02"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62B3CEFA-BCF8-4305-B81A-980AA1352515"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C1A9EE4-9564-45F6-8CF8-1A820E469B41"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "026D5E27-E50D-4614-A3EB-C54150C85572"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B765DF6-1D0A-4191-9AD7-250A7EB691BF"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67152082-E085-4111-98BA-6E9EF14ADB91"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD68FC34-691B-406E-A59D-2596215AE314"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_1634m:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB98E7F1-DD61-47F5-A6BB-18D75FDFAB70"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2634m:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39E46898-7206-45C1-9A93-729B5905EF38"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2834m:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C97A89AF-103A-4D2A-9EAF-42CEC88A2BCA"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_454m:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32B611B6-1138-40DF-848A-A4A10E1DB0F2"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_4634m:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF901CCB-1BC4-4EDA-A3D7-ED7523128EAA"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_554m:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4479C318-EE74-4338-B172-EC13D4D62246"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_5634m:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98A25B72-B3A9-4717-8AA9-B164226DF9D9"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_6634m:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "889E9E8B-688E-420E-9A99-AB64BA7ABCDC"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E3446A5-69F7-4270-93E2-CD5614970698"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08FE0C5D-3132-48AD-92EB-B7C4277C1FAA"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD3F1B7C-7972-463E-930E-F359A402DAF5"}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC9D2D4D-558B-424E-AB04-429C83F06DB7"}, {"criteria": "cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_control_expert:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A63ECFF-261A-4C39-964E-CBC4B97147DC"}, {"criteria": "cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_process_expert:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B722F22-2CEB-426B-9615-DD3B73A671F4"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@se.com"}