Details of VAR-202109-0203

ID

VAR-202109-0203

CVE

CVE-2021-22791

TITLE

plural Schneider Electric Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-011446

DESCRIPTION

A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions). plural Schneider Electric The product contains a vulnerability related to out-of-bounds writes.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-22791 // JVNDB: JVNDB-2021-011446 // VULMON: CVE-2021-22791

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modicon m580 bmeh584040s	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh582040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep581020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 454m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh586040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep582020h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh584040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon mc80 bmkc8030311	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep585040c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep582040h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep584040s	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 2634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep582020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh584040c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh586040c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep586040c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon quantum 140cpu65150c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep584040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 1634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 554m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon momentum 171cbu78090	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342030	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep585040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh582040c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon quantum 140cpu65160	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh582040s	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	plc simulator for ecostruxure process expert	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342010	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon momentum 171cbu98090	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon mc80 bmkc8020301	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon momentum 171cbu98091	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 2834m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 4634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp341000	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep582040s	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep582040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep584020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon quantum 140cpu65150	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep581020h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep583040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	plc simulator for ecostruxure control expert	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 5634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon quantum 140cpu65160c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon mc80 bmkc8020310	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 6634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep586040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep583020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh586040s	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342010	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m580 bmeh584040	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m580 bmeh582040c	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m580 bmeh584040c	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m580 bmeh584040s	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m580 bmeh582040s	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m340 bmxp342030	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m340 bmxp342020	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m340 bmxp341000	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m580 bmeh582040	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-011446 // NVD: CVE-2021-22791

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22791
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-22791
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202109-123
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-22791
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22791
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-22791
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22791
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-22791 // JVNDB: JVNDB-2021-011446 // CNNVD: CNNVD-202109-123 // NVD: CVE-2021-22791

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-011446 // NVD: CVE-2021-22791

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-123

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202109-123

PATCH

title:	SEVD-2021-222-04	url:	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04	Trust: 0.8
title:	Multiple Schneider Electric Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161389	Trust: 0.6

sources: JVNDB: JVNDB-2021-011446 // CNNVD: CNNVD-202109-123

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22791	Trust: 3.3
db:	SCHNEIDER	id:	SEVD-2021-222-04	Trust: 1.7
db:	SCHNEIDER	id:	SEVD-2021-222-06	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-011446	Trust: 0.8
db:	CNNVD	id:	CNNVD-202109-123	Trust: 0.6
db:	VULMON	id:	CVE-2021-22791	Trust: 0.1

sources: VULMON: CVE-2021-22791 // JVNDB: JVNDB-2021-011446 // CNNVD: CNNVD-202109-123 // NVD: CVE-2021-22791

REFERENCES

url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-222-06	Trust: 1.7
url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-222-04	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22791	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-22791 // JVNDB: JVNDB-2021-011446 // CNNVD: CNNVD-202109-123 // NVD: CVE-2021-22791

SOURCES

db:	VULMON	id:	CVE-2021-22791
db:	JVNDB	id:	JVNDB-2021-011446
db:	CNNVD	id:	CNNVD-202109-123
db:	NVD	id:	CVE-2021-22791

LAST UPDATE DATE

2024-08-14T14:31:38.481000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-22791	date:	2021-09-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-011446	date:	2022-07-29T07:29:00
db:	CNNVD	id:	CNNVD-202109-123	date:	2021-09-14T00:00:00
db:	NVD	id:	CVE-2021-22791	date:	2021-09-13T19:28:42.877

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-22791	date:	2021-09-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-011446	date:	2022-07-29T00:00:00
db:	CNNVD	id:	CNNVD-202109-123	date:	2021-09-02T00:00:00
db:	NVD	id:	CVE-2021-22791	date:	2021-09-02T17:15:08.290