Vulnerabilites related to schneider-electric - modicon_m580_bmep583020
cve-2022-45789
Vulnerability from cvelistv5
Published
2023-01-31 00:00
Modified
2025-02-05 20:07
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf
Impacted products
Vendor Product Version
Schneider Electric EcoStruxure Control Expert Version: All Versions
 Create a notification for this product.
   Schneider Electric EcoStruxure Process Expert Version: All Versions
 Create a notification for this product.
   Schneider Electric Modicon M340 CPU (part numbers BMXP34*) Version: All Versions
 Create a notification for this product.
   Schneider Electric Modicon M580 CPU (part numbers BMEP* and BMEH*) Version: All Versions
 Create a notification for this product.
   Schneider Electric Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) Version: All Versions
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:17:04.077Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-45789",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T19:52:21.864489Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T20:07:07.568Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure Control Expert ",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure Process Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M340 CPU (part numbers BMXP34*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*) ",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)\u003c/p\u003e"
            }
          ],
          "value": "A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-294",
              "description": "CWE-294: Authentication Bypass by Capture-Replay",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-09T13:48:11.112Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2022-45789",
    "datePublished": "2023-01-31T00:00:00.000Z",
    "dateReserved": "2022-11-22T00:00:00.000Z",
    "dateUpdated": "2025-02-05T20:07:07.568Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-37300
Vulnerability from cvelistv5
Published
2022-09-12 17:40
Modified
2024-08-03 10:29
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).
References
https://www.se.com/us/en/download/document/SEVD-2022-221-01/x_refsource_MISC
Impacted products
Vendor Product Version
Schneider Electric EcoStruxure Control Expert Version: SP1   <
Create a notification for this product.
   Schneider Electric EcoStruxure Process Expert Version: V   <
Create a notification for this product.
   Schneider Electric Modicon M340 CPU Version: BMXP34   <
Create a notification for this product.
   Schneider Electric Modicon M580 CPU Version: BMEP   <
Version: BMEH   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:29:20.628Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EcoStruxure Control Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "15.0",
              "status": "affected",
              "version": "SP1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "EcoStruxure Process Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "2021",
              "status": "affected",
              "version": "V",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Modicon M340 CPU",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "3.40",
              "status": "affected",
              "version": "BMXP34",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Modicon M580 CPU",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "3.20",
              "status": "affected",
              "version": "BMEP",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.20",
              "status": "affected",
              "version": "BMEH",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-640",
              "description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-12T17:40:10",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2022-37300",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EcoStruxure Control Expert",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "SP1",
                            "version_value": "15.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "EcoStruxure Process Expert",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "V",
                            "version_value": "2021"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Modicon M340 CPU",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "BMXP34",
                            "version_value": "3.40"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Modicon M580 CPU",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "BMEP",
                            "version_value": "3.20"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "BMEH",
                            "version_value": "3.20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider Electric"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior)."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/",
              "refsource": "MISC",
              "url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2022-37300",
    "datePublished": "2022-09-12T17:40:10",
    "dateReserved": "2022-08-01T00:00:00",
    "dateUpdated": "2024-08-03T10:29:20.628Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22786
Vulnerability from cvelistv5
Published
2023-02-01 00:00
Modified
2025-02-05 20:06
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions)
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification.pdf
Impacted products
Vendor Product Version
Schneider Electric Modicon M340 CPU (part numbers BMXP34*) Version: All   < V3.30
 Create a notification for this product.
   Schneider Electric Modicon M580 CPU (part numbers BMEP* and BMEH*) Version: All   < V3.20
 Create a notification for this product.
   Schneider Electric Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) Version: All Versions
 Create a notification for this product.
   Schneider Electric Modicon MC80 (BMKC80) Version: All   < V1.6
 Create a notification for this product.
   Schneider Electric Modicon Momentum CPU (171CBU*) Version: All   < V2.3
 Create a notification for this product.
   Schneider Electric Legacy Modicon Quantum Version: All Versions
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-22786",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T19:54:57.011597Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T20:06:44.280Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M340 CPU (part numbers BMXP34*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "V3.30",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "V3.20",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "product": "Modicon MC80 (BMKC80)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "V1.6",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Modicon Momentum CPU (171CBU*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Legacy Modicon Quantum",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        }
      ],
      "datePublic": "2022-08-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions)"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-01T00:00:00.000Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2021-22786",
    "datePublished": "2023-02-01T00:00:00.000Z",
    "dateReserved": "2021-01-06T00:00:00.000Z",
    "dateUpdated": "2025-02-05T20:06:44.280Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22791
Vulnerability from cvelistv5
Published
2021-09-02 16:52
Modified
2024-08-03 18:51
Severity ?
Summary
A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-06x_refsource_MISC
Impacted products
Vendor Product Version
n/a Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions) Version: Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.453Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-06"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-02T16:52:51",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-06"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2021-22791",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-787: Out-of-bounds Write"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-06",
              "refsource": "MISC",
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-06"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2021-22791",
    "datePublished": "2021-09-02T16:52:51",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-03T18:51:07.453Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-37301
Vulnerability from cvelistv5
Published
2022-11-22 00:00
Modified
2024-08-03 10:29
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)
References
https://www.se.com/us/en/download/document/SEVD-2022-221-02/
Impacted products
Vendor Product Version
Schneider Electric Modicon M340 CPU (part numbers BMXP34*) Version: V   <
Create a notification for this product.
   Schneider Electric Modicon M580 CPU (part numbers BMEP* and BMEH*) Version: V   <
Create a notification for this product.
   Schneider Electric Legacy Modicon Quantum/Premium Version: All Versions
 Create a notification for this product.
   Schneider Electric Modicon Momentum MDI (171CBU*) Version: All Versions
 Create a notification for this product.
   Schneider Electric Modicon MC80 (BMKC80) Version: V   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:29:20.468Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.se.com/us/en/download/document/SEVD-2022-221-02/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M340 CPU (part numbers BMXP34*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "3.40",
              "status": "affected",
              "version": "V",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*) ",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "3.22",
              "status": "affected",
              "version": "V",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Legacy Modicon Quantum/Premium",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All  Versions"
            }
          ]
        },
        {
          "product": "Modicon Momentum MDI (171CBU*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All  Versions"
            }
          ]
        },
        {
          "product": "Modicon MC80 (BMKC80)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "1.7",
              "status": "affected",
              "version": "V",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-22T00:00:00",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://www.se.com/us/en/download/document/SEVD-2022-221-02/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2022-37301",
    "datePublished": "2022-11-22T00:00:00",
    "dateReserved": "2022-08-01T00:00:00",
    "dateUpdated": "2024-08-03T10:29:20.468Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6819
Vulnerability from cvelistv5
Published
2019-05-22 19:45
Modified
2024-08-04 20:31
Severity ?
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium.
References
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/x_refsource_MISC
http://www.securityfocus.com/bid/109004vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a Modicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium Version: Modicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:31:04.277Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/"
          },
          {
            "name": "109004",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/109004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-03T13:06:07",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/"
        },
        {
          "name": "109004",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/109004"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2019-6819",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/",
              "refsource": "MISC",
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/"
            },
            {
              "name": "109004",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/109004"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2019-6819",
    "datePublished": "2019-05-22T19:45:08",
    "dateReserved": "2019-01-25T00:00:00",
    "dateUpdated": "2024-08-04T20:31:04.277Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6855
Vulnerability from cvelistv5
Published
2020-01-06 22:56
Modified
2024-08-04 20:31
Severity ?
Summary
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.
References
https://www.se.com/ww/en/download/document/SEVD-2019-344-02/x_refsource_MISC
Impacted products
Vendor Product Version
n/a EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10) Version: EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10)
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:31:04.396Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-02/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": " EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-13T18:30:05",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-02/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2019-6855",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": " EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-863: Incorrect Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-02/",
              "refsource": "MISC",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-02/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2019-6855",
    "datePublished": "2020-01-06T22:56:58",
    "dateReserved": "2019-01-25T00:00:00",
    "dateUpdated": "2024-08-04T20:31:04.396Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22779
Vulnerability from cvelistv5
Published
2021-07-14 14:26
Modified
2024-08-03 18:51
Severity ?
Summary
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller.
References
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01x_refsource_MISC
Impacted products
Vendor Product Version
n/a EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*) Version: EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*)
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.432Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290: Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-14T14:26:41",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2021-22779",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-290: Authentication Bypass by Spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01",
              "refsource": "MISC",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2021-22779",
    "datePublished": "2021-07-14T14:26:41",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-03T18:51:07.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-7851
Vulnerability from cvelistv5
Published
2019-05-22 19:56
Modified
2024-08-05 06:37
Severity ?
Summary
CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability.
References
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/x_refsource_MISC
Impacted products
Vendor Product Version
n/a Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx Version: Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.635Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119: Buffer errors",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-22T19:56:24",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7851",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119: Buffer errors"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/",
              "refsource": "MISC",
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2018-7851",
    "datePublished": "2019-05-22T19:56:24",
    "dateReserved": "2018-03-08T00:00:00",
    "dateUpdated": "2024-08-05T06:37:59.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-7537
Vulnerability from cvelistv5
Published
2020-12-11 00:51
Modified
2024-08-04 09:33
Severity ?
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
References
https://www.se.com/ww/en/download/document/SEVD-2020-343-08/x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions) Version: Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.484Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-11T00:51:52",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7537",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/",
              "refsource": "CONFIRM",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2020-7537",
    "datePublished": "2020-12-11T00:51:52",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:19.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-45788
Vulnerability from cvelistv5
Published
2023-01-30 00:00
Modified
2025-02-05 20:07
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf
Impacted products
Vendor Product Version
Schneider Electric EcoStruxure Control Expert Version: All Versions
 Create a notification for this product.
   Schneider Electric EcoStruxure Process Expert Version: All Versions
 Create a notification for this product.
   Schneider Electric Modicon M340 CPU (part numbers BMXP34*) Version: All Versions
 Create a notification for this product.
   Schneider Electric Modicon M580 CPU (part numbers BMEP* and BMEH*) Version: All Versions
 Create a notification for this product.
   Schneider Electric Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) Version: All Versions
 Create a notification for this product.
   Schneider Electric Modicon Momentum Unity M1E Processor (171CBU*) Version: All Versions
 Create a notification for this product.
   Schneider Electric Modicon MC80 (BMKC80) Version: All Versions
 Create a notification for this product.
   Schneider Electric Legacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*) Version: All Versions
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:17:04.131Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-45788",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T19:52:24.602959Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T20:07:14.882Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure Control Expert ",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure Process Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M340 CPU (part numbers BMXP34*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*) ",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon Momentum Unity M1E Processor (171CBU*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon MC80 (BMKC80)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Legacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality \u0026amp; integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)\u003c/p\u003e"
            }
          ],
          "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality \u0026 integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-09T13:43:07.202Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2022-45788",
    "datePublished": "2023-01-30T00:00:00.000Z",
    "dateReserved": "2022-11-22T00:00:00.000Z",
    "dateUpdated": "2025-02-05T20:07:14.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22789
Vulnerability from cvelistv5
Published
2021-09-02 16:52
Modified
2024-08-03 18:51
Severity ?
Summary
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04x_refsource_MISC
Impacted products
Vendor Product Version
n/a Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions) Version: Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.526Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-02T16:52:25",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2021-22789",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04",
              "refsource": "MISC",
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2021-22789",
    "datePublished": "2021-09-02T16:52:25",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-03T18:51:07.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22790
Vulnerability from cvelistv5
Published
2021-09-02 16:52
Modified
2024-08-03 18:51
Severity ?
Summary
A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05x_refsource_MISC
Impacted products
Vendor Product Version
n/a Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions) Version: Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.462Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-02T16:52:39",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2021-22790",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125: Out-of-bounds Read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05",
              "refsource": "MISC",
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2021-22790",
    "datePublished": "2021-09-02T16:52:39",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-03T18:51:07.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-7838
Vulnerability from cvelistv5
Published
2019-07-15 20:49
Modified
2024-08-05 06:37
Severity ?
Summary
A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.
References
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03x_refsource_MISC
Impacted products
Vendor Product Version
Modicon Modicon M580 CPU - BMEP582040 all versions before V2.90 and Modicon Ethernet Module BMENOC0301 all versions before V2.16 Version: Modicon M580 CPU - BMEP582040 all versions before V2.90 and Modicon Ethernet Module BMENOC0301 all versions before V2.16
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.463Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M580 CPU - BMEP582040 all versions before V2.90 and Modicon Ethernet Module BMENOC0301 all versions before V2.16",
          "vendor": "Modicon",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M580 CPU - BMEP582040 all versions before V2.90 and Modicon Ethernet Module BMENOC0301 all versions before V2.16"
            }
          ]
        }
      ],
      "datePublic": "2019-07-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Buffer Errors",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-15T20:49:01",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7838",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M580 CPU - BMEP582040 all versions before V2.90 and Modicon Ethernet Module BMENOC0301 all versions before V2.16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M580 CPU - BMEP582040 all versions before V2.90 and Modicon Ethernet Module BMENOC0301 all versions before V2.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Modicon"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119 Buffer Errors"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03",
              "refsource": "MISC",
              "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2018-7838",
    "datePublished": "2019-07-15T20:49:01",
    "dateReserved": "2018-03-08T00:00:00",
    "dateUpdated": "2024-08-05T06:37:59.463Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-6408
Vulnerability from cvelistv5
Published
2024-02-14 16:52
Modified
2024-08-02 08:28
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-01.pdf
Impacted products
Vendor Product Version
Schneider Electric Modicon M340 CPU (part numbers BMXP34*) Version: Versions prior to sv3.60
 Create a notification for this product.
   Schneider Electric Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) Version: Versions prior to sv4.20
 Create a notification for this product.
   Schneider Electric Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) Version: All Versions
 Create a notification for this product.
   Schneider Electric EcoStruxure Control Expert Version: Versions prior to v16.0
 Create a notification for this product.
   Schneider Electric EcoStruxure Process Expert Version: Versions prior to v2023
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "modicon_m580_bmep585040_firmware",
            "vendor": "schneider-electric",
            "versions": [
              {
                "lessThan": "4.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "modicon_m340_bmxp342030h_firmware",
            "vendor": "schneider-electric",
            "versions": [
              {
                "lessThan": "3.60",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "modicon_m580_bmeh586040s_firmware",
            "vendor": "schneider-electric",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6408",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-17T19:15:41.696437Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-17T19:36:47.656Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:28:21.776Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M340 CPU (part numbers BMXP34*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to sv3.60"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to sv4.20"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure Control Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to v16.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure Process Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to v2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nCWE-924: Improper Enforcement of Message Integrity During Transmission in a\nCommunication Channel vulnerability exists that could cause a denial of service and loss of\nconfidentiality, integrity of controllers when conducting a Man in the Middle attack.\n\n"
            }
          ],
          "value": "\nCWE-924: Improper Enforcement of Message Integrity During Transmission in a\nCommunication Channel vulnerability exists that could cause a denial of service and loss of\nconfidentiality, integrity of controllers when conducting a Man in the Middle attack.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-924",
              "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-14T16:52:24.805Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-6408",
    "datePublished": "2024-02-14T16:52:24.805Z",
    "dateReserved": "2023-11-30T09:52:30.945Z",
    "dateUpdated": "2024-08-02T08:28:21.776Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22792
Vulnerability from cvelistv5
Published
2021-09-02 16:53
Modified
2024-08-03 18:51
Severity ?
Summary
A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-07x_refsource_MISC
Impacted products
Vendor Product Version
n/a Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions) Version: Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.455Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-07"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-02T16:53:00",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-07"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2021-22792",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-476: NULL Pointer Dereference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-07",
              "refsource": "MISC",
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-07"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2021-22792",
    "datePublished": "2021-09-02T16:53:00",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-03T18:51:07.455Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-7542
Vulnerability from cvelistv5
Published
2020-12-11 00:52
Modified
2024-08-04 09:33
Severity ?
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
References
https://www.se.com/ww/en/download/document/SEVD-2020-343-08/x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions) Version: Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-11T00:52:14",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7542",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/",
              "refsource": "CONFIRM",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2020-7542",
    "datePublished": "2020-12-11T00:52:14",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:19.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-7543
Vulnerability from cvelistv5
Published
2020-12-11 00:52
Modified
2024-08-04 09:33
Severity ?
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
References
https://www.se.com/ww/en/download/document/SEVD-2020-343-08/x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions) Version: Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.525Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-11T00:52:21",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7543",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/",
              "refsource": "CONFIRM",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2020-7543",
    "datePublished": "2020-12-11T00:52:21",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:19.525Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 04:12
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability.
References
cybersecurity@se.comhttps://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric m580_firmware *
schneider-electric bmeh582040 -
schneider-electric bmeh582040c -
schneider-electric bmeh584040 -
schneider-electric bmeh584040c -
schneider-electric bmeh586040 -
schneider-electric bmeh586040c -
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m580_bmep581020h -
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_m580_bmep582020h -
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmep582040h -
schneider-electric modicon_m580_bmep582040s -
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_m580_bmep585040c -
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_m580_bmep586040c -
schneider-electric m340_firmware *
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m340_bmxp341000h -
schneider-electric modicon_m340_bmxp342000 -
schneider-electric modicon_m340_bmxp3420102 -
schneider-electric modicon_m340_bmxp3420102cl -
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_m340_bmxp342020h -
schneider-electric modicon_m340_bmxp3420302 -
schneider-electric modicon_m340_bmxp3420302cl -
schneider-electric modicon_m340_bmxp3420302h -
schneider-electric bmx\/e_cra_firmware *
schneider-electric bmxcra31200 -
schneider-electric bmxcra31210c -
schneider-electric modicon_premium_firmware *
schneider-electric modicon_premium -
schneider-electric 140cra312xxx_firmware *
schneider-electric 140cra312xxx -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:m580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B538C424-0F99-4D98-AB1F-CFE9D07DA37B",
              "versionEndExcluding": "2.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6E5E62-BBA8-4370-A232-8E1196757C3E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh582040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C393EAE-D2A1-42BC-8CE8-2DCAC96EB769",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2A8BF9D-AFD1-4F19-A0DB-5EB6F343D890",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh584040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63D48211-A734-4F98-A4D5-569268335757",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D22DD5-677B-42E8-AE1F-11601D4BF110",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "79907FE7-B4B0-4732-9287-B7ED13115F6C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:m340_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8ED6BE5-14D0-4B3C-B00D-5274D9233247",
              "versionEndExcluding": "3.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "69222495-4F18-434E-B86C-F63C5A2C1242",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D30336F0-EDCF-486C-B52E-D0C53BCDFC65",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32091F91-9397-4506-8801-C68B9E8B60F0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:bmx\\/e_cra_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB34942D-0DBD-43CB-847A-C5349EB9A92A",
              "versionEndExcluding": "2.40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmxcra31200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "887930A9-2577-4E69-AB81-0C8582A13F34",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmxcra31210c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "46150F0B-D3A6-44C4-94A1-448D1B4294EB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cra312xxx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE700BF-EEFD-4349-9B33-432281EA23BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cra312xxx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CC7AABD-9260-4F6C-A6C9-AE738263F90A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability."
    },
    {
      "lang": "es",
      "value": "CWE-119: Existe una vulnerabilidad de errores de b\u00fafer en Modicon M580 con firmware anterior a V2.50, Modicon M340 con firmware anterior a V3.01, BMxCRA312xx con firmware anterior a V2.40 y todas las versiones de firmware de Modicon Premium y 140CRA312xxx al enviar un paquete Modbus especialmente creado, que podr\u00eda generar una Denegaci\u00f3n de Servicio al dispositivo que forzar\u00eda un reinicio para restaurar la disponibilidad."
    }
  ],
  "id": "CVE-2018-7851",
  "lastModified": "2024-11-21T04:12:52.710",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-22T20:29:01.853",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-07-15 21:15
Modified
2024-11-21 04:12
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.
References
cybersecurity@se.comhttps://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric bmenoc0301_firmware *
schneider-electric bmenoc0301 -
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric bmeh584040 -
schneider-electric bmeh584040c -
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_m580_bmep586040c -
schneider-electric bmeh586040_firmware *
schneider-electric bmeh586040 -
schneider-electric bmeh586040c -
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m580_bmep581020h -
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_m580_bmep582020h -
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmep582040h -
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_m580_bmep585040c -
schneider-electric modicon_m580_bmep582040s_firmware *
schneider-electric modicon_m580_bmep582040s -
schneider-electric bmeh582040_firmware *
schneider-electric bmeh582040 -
schneider-electric bmeh582040c -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:bmenoc0301_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB75A465-BACD-417F-9E87-5EBDBEF6DE91",
              "versionEndExcluding": "2.16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmenoc0301:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE6DE336-F696-4C92-9244-315C154F2CE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C706A8-BF41-4003-9A34-E7C5FCF3956F",
              "versionEndExcluding": "2.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2A8BF9D-AFD1-4F19-A0DB-5EB6F343D890",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh584040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63D48211-A734-4F98-A4D5-569268335757",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7793E88-6E59-43E5-B313-A21D40B63B47",
              "versionEndExcluding": "2.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:bmeh586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90CB4BA4-B2B2-441C-A08F-EAB82A0E53DD",
              "versionEndExcluding": "2.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D22DD5-677B-42E8-AE1F-11601D4BF110",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "79907FE7-B4B0-4732-9287-B7ED13115F6C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "054142F8-E6AF-48A5-8548-194651EB16FB",
              "versionEndExcluding": "2.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F93A877E-BB42-4530-AE81-5C0D727B8A26",
              "versionEndExcluding": "2.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41AE173-2394-4508-A7DD-3166B6C0EBA0",
              "versionEndExcluding": "2.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDB6829A-AE69-4DDC-B705-A94C8C7ADDA6",
              "versionEndExcluding": "2.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8762598D-F015-498D-B478-C0CA8ABCB11C",
              "versionEndExcluding": "2.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DA851AB-E6AD-4D84-AA3C-071E351C699F",
              "versionEndExcluding": "2.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07A33F89-F53A-4DA0-8D21-2F7315A7E5E7",
              "versionEndExcluding": "2.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FCDF8B2-687C-436E-BAF9-654D94409FC7",
              "versionEndExcluding": "2.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:bmeh582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4166AE7D-36E9-4F72-868E-DC10DC071E99",
              "versionEndExcluding": "2.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6E5E62-BBA8-4370-A232-8E1196757C3E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh582040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C393EAE-D2A1-42BC-8CE8-2DCAC96EB769",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service."
    },
    {
      "lang": "es",
      "value": "Una CWE-119: Existe una vulnerabilidad de Errores de B\u00fafer en la CPU M580 - BMEP582040 de Modicon , todas las versiones anteriores a la V2.90, y el m\u00f3dulo Ethernet BMENOC0301 de Modicon, todas las versiones anteriores a la V2.16, lo que podr\u00eda causar la denegaci\u00f3n de servicio en el servicio FTP del controlador o M\u00f3dulo Ethernet BMENOC  cuando recibe un comando CWD de FTP con una longitud de datos superior a 1020 bytes. Se necesita entonces un ciclo de energ\u00eda para reactivar el servicio FTP."
    }
  ],
  "id": "CVE-2018-7838",
  "lastModified": "2024-11-21T04:12:51.240",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-15T21:15:10.477",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-12-11 01:15
Modified
2024-11-21 05:37
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
References
cybersecurity@se.comhttps://www.se.com/ww/en/download/document/SEVD-2020-343-08/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.se.com/ww/en/download/document/SEVD-2020-343-08/Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp342000 -
schneider-electric modicon_m340_bmxp3420102_firmware *
schneider-electric modicon_m340_bmxp3420102 -
schneider-electric modicon_m340_bmxp3420102cl_firmware *
schneider-electric modicon_m340_bmxp3420102cl -
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxp3420302 -
schneider-electric modicon_m340_bmxp3420302cl_firmware *
schneider-electric modicon_m340_bmxp3420302cl -
schneider-electric tsxp574634_firmware *
schneider-electric tsxp574634 -
schneider-electric tsxp575634_firmware *
schneider-electric tsxp575634 -
schneider-electric tsxp576634_firmware *
schneider-electric tsxp576634 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C2208FD-0126-4ECF-97DF-89998EE90A5F",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB772761-8859-4AA5-ACAC-4A5859FCE0A9",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0DB061-8B7F-4FEC-9275-6FFE045DCE81",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAA3B4D9-7F47-4813-9784-EB7BF53A32DE",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7D852A-18A3-4AB8-B6AD-4B9815950CC4",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4325AE79-6FDA-47A7-B3A6-C47C5C2C510D",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6149E270-E76E-4011-A488-2571499A6C76",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AF74D66-DEF7-4A05-A6FC-15645BA8B8AB",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A4810AB-2986-4152-9E48-488959A15361",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C440362A-7E0E-497C-B275-409E9B57D8A2",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6ACCC66-4075-4EE9-A6BA-01EF7529C568",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD031F4E-9F3C-4035-AFB8-B7442F1B2475",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C1D1498-1069-4080-8EB4-3BA6C0DC2CEA",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D30336F0-EDCF-486C-B52E-D0C53BCDFC65",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5481772-5E18-4985-A5E5-F7223B52A90B",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A83CF92-F35F-416F-B571-CA5600BF671F",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E506AD9-C302-4D41-B971-46DE19AF83FB",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32091F91-9397-4506-8801-C68B9E8B60F0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C32BDE35-7AC6-44C3-8135-BAA128B44559",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76B1122A-56A2-44BB-8648-C6E96D1966D9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CAEBC02-9BA6-4D36-AC3D-E1CE531F918E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0678A50-FE23-49BD-A6CF-A7094EFDAFA1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23918D88-851B-480E-972E-EB48CAFA7AF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38F83CCC-4A66-4D47-A563-777A16028F3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
    },
    {
      "lang": "es",
      "value": "Una CWE-754: Se presenta una vulnerabilidad de Comprobaci\u00f3n Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum y Modicon Premium (consulte las notificaciones de seguridad para las versiones afectadas), que podr\u00eda causar una denegaci\u00f3n de servicio cuando una petici\u00f3n Read Physical Memory especialmente dise\u00f1ada a trav\u00e9s de Modbus es enviada hacia el controlador"
    }
  ],
  "id": "CVE-2020-7537",
  "lastModified": "2024-11-21T05:37:20.177",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-11T01:15:12.253",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-09-02 17:15
Modified
2024-11-21 05:50
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-06Not Applicable
nvd@nist.govhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-06Not Applicable
Impacted products
Vendor Product Version
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m340_bmxp342010 -
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_m340_bmxp342030 -
schneider-electric modicon_m580_bmeh582040 -
schneider-electric modicon_m580_bmeh582040c -
schneider-electric modicon_m580_bmeh582040s -
schneider-electric modicon_m580_bmeh584040 -
schneider-electric modicon_m580_bmeh584040c -
schneider-electric modicon_m580_bmeh584040s -
schneider-electric modicon_m580_bmeh586040 -
schneider-electric modicon_m580_bmeh586040c -
schneider-electric modicon_m580_bmeh586040s -
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m580_bmep581020h -
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_m580_bmep582020h -
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmep582040h -
schneider-electric modicon_m580_bmep582040s -
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_m580_bmep585040c -
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_m580_bmep586040c -
schneider-electric modicon_mc80_bmkc8020301 -
schneider-electric modicon_mc80_bmkc8020310 -
schneider-electric modicon_mc80_bmkc8030311 -
schneider-electric modicon_momentum_171cbu78090 -
schneider-electric modicon_momentum_171cbu98090 -
schneider-electric modicon_momentum_171cbu98091 -
schneider-electric modicon_premium_tsxp57_1634m -
schneider-electric modicon_premium_tsxp57_2634m -
schneider-electric modicon_premium_tsxp57_2834m -
schneider-electric modicon_premium_tsxp57_454m -
schneider-electric modicon_premium_tsxp57_4634m -
schneider-electric modicon_premium_tsxp57_554m -
schneider-electric modicon_premium_tsxp57_5634m -
schneider-electric modicon_premium_tsxp57_6634m -
schneider-electric modicon_quantum_140cpu65150 -
schneider-electric modicon_quantum_140cpu65150c -
schneider-electric modicon_quantum_140cpu65160 -
schneider-electric modicon_quantum_140cpu65160c -
schneider-electric plc_simulator_for_ecostruxure_control_expert -
schneider-electric plc_simulator_for_ecostruxure_process_expert -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "833B2455-5D39-4457-9D6F-0CD738A2EB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B3CEFA-BCF8-4305-B81A-980AA1352515",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C1A9EE4-9564-45F6-8CF8-1A820E469B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "026D5E27-E50D-4614-A3EB-C54150C85572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B765DF6-1D0A-4191-9AD7-250A7EB691BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67152082-E085-4111-98BA-6E9EF14ADB91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD68FC34-691B-406E-A59D-2596215AE314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_1634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB98E7F1-DD61-47F5-A6BB-18D75FDFAB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "39E46898-7206-45C1-9A93-729B5905EF38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2834m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97A89AF-103A-4D2A-9EAF-42CEC88A2BCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_454m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32B611B6-1138-40DF-848A-A4A10E1DB0F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_4634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF901CCB-1BC4-4EDA-A3D7-ED7523128EAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_554m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4479C318-EE74-4338-B172-EC13D4D62246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_5634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98A25B72-B3A9-4717-8AA9-B164226DF9D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_6634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "889E9E8B-688E-420E-9A99-AB64BA7ABCDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E3446A5-69F7-4270-93E2-CD5614970698",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FE0C5D-3132-48AD-92EB-B7C4277C1FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD3F1B7C-7972-463E-930E-F359A402DAF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC9D2D4D-558B-424E-AB04-429C83F06DB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_control_expert:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A63ECFF-261A-4C39-964E-CBC4B97147DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_process_expert:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B722F22-2CEB-426B-9615-DD3B73A671F4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."
    },
    {
      "lang": "es",
      "value": "Una CWE-787: Una vulnerabilidad de Escritura Fuera de L\u00edmites que podr\u00eda causar una Denegaci\u00f3n de Servicio en el controlador/simulador del PLC Modicon cuando se actualiza la aplicaci\u00f3n del controlador con un archivo de proyecto especialmente dise\u00f1ado se presenta en Modicon M580 CPU (n\u00fameros de pieza BMEP* y BMEH*, todas las versiones), Modicon M340 CPU (n\u00fameros de pieza BMXP34*, todas las versiones), Modicon MC80 (n\u00fameros de pieza BMKC80*, todas las versiones), Modicon Momentum Ethernet CPU (n\u00fameros de pieza 171CBU*, todas las versiones), PLC Simulator para EcoStruxure\u00aa Control Expert, incluidas todas las versiones Unity Pro (antiguo nombre de EcoStruxure\u00aa Control Expert, todas las versiones), PLC Simulator para EcoStruxure\u00aa Process Expert, incluidas todas las versiones HDCS (antiguo nombre de EcoStruxure\u00aa Process Expert, todas las versiones), Modicon Quantum CPU (n\u00fameros de pieza 140CPU*, todas las versiones), Modicon Premium CPU (n\u00fameros de pieza TSXP5*, todas las versiones)"
    }
  ],
  "id": "CVE-2021-22791",
  "lastModified": "2024-11-21T05:50:40.647",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-02T17:15:08.290",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-06"
    },
    {
      "source": "nvd@nist.gov",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-06"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-01-31 06:15
Modified
2024-11-21 07:29
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdfPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdfPatch, Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric ecostruxure_control_expert *
schneider-electric ecostruxure_process_expert *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp342000 -
schneider-electric modicon_m340_bmxp342010_firmware -
schneider-electric modicon_m340_bmxp342010 *
schneider-electric modicon_m340_bmxp3420102_firmware *
schneider-electric modicon_m340_bmxp3420102 -
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_m340_bmxp342020h_firmware *
schneider-electric modicon_m340_bmxp342020h -
schneider-electric modicon_m340_bmxp342030_firmware *
schneider-electric modicon_m340_bmxp342030 -
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxp3420302 -
schneider-electric modicon_m340_bmxp3420302h_firmware *
schneider-electric modicon_m340_bmxp3420302h -
schneider-electric modicon_m340_bmxp342030h_firmware *
schneider-electric modicon_m340_bmxp342030h -
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m580_bmep581020h_firmware *
schneider-electric modicon_m580_bmep581020h -
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_m580_bmep582020h_firmware *
schneider-electric modicon_m580_bmep582020h -
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmep582040h_firmware *
schneider-electric modicon_m580_bmep582040h -
schneider-electric modicon_m580_bmep582040s_firmware *
schneider-electric modicon_m580_bmep582040s -
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep584040s_firmware *
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_m580_bmep585040c_firmware *
schneider-electric modicon_m580_bmep585040c -
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_m580_bmep586040c_firmware *
schneider-electric modicon_m580_bmep586040c -
schneider-electric modicon_m580_bmeh582040_firmware *
schneider-electric modicon_m580_bmeh582040 -
schneider-electric modicon_m580_bmeh582040c_firmware *
schneider-electric modicon_m580_bmeh582040c -
schneider-electric modicon_m580_bmeh582040s_firmware *
schneider-electric modicon_m580_bmeh582040s -
schneider-electric modicon_m580_bmeh584040_firmware *
schneider-electric modicon_m580_bmeh584040 -
schneider-electric modicon_m580_bmeh584040c_firmware *
schneider-electric modicon_m580_bmeh584040c -
schneider-electric modicon_m580_bmeh584040s_firmware *
schneider-electric modicon_m580_bmeh584040s -
schneider-electric modicon_m580_bmeh586040_firmware *
schneider-electric modicon_m580_bmeh586040 -
schneider-electric modicon_m580_bmeh586040c_firmware *
schneider-electric modicon_m580_bmeh586040c -
schneider-electric modicon_m580_bmeh586040s_firmware *
schneider-electric modicon_m580_bmeh586040s -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18E8CCC1-A467-4FEF-964D-8481EAE892EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA266030-8BF1-4E8C-BBA0-EC80FBF254C6",
              "versionEndIncluding": "2020",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8152BD1B-DB69-4BD0-9DD3-79FC059319B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "104B7AFC-D948-4D3D-90D2-E963371F4392",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D7B5B28-99F5-4A94-9D65-204943941047",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D82E3FB5-B40B-4688-86C9-840E17DD32DD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F582E2C-D562-44F6-823F-73DEFA3604EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C747D719-51A2-44F5-B940-89D84437DA95",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EE8D065-BC68-4BE5-972E-2CC2CABA4B9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34CC8BAD-3D4F-4DAD-B8CE-09D0BF4A5E11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6A3F91-28AA-42EE-8C28-0B5E6D9ACA53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C14A07B-E938-43A8-A2AA-65DBEF92AF47",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8522888D-3AE6-4199-9CC1-7866DFB467C9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF9608E7-C9B5-4945-9609-690231DB1B5A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49646E6C-381F-495B-A5E8-8F522571D4AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F472ED1-8FE6-43BC-A4FF-E956D17ED427",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F1315A8-FDEE-487F-BA66-A99745783911",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F543A095-B798-4C5B-A2B6-DF893191EAC3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71823B23-C4E6-40EC-AC9C-2EABFDAFE498",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BDD13AD-681C-4C7D-82D5-3017FB3BE852",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B782A209-0612-4CA1-8438-6653D75F452C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43B3DF32-480E-4CE1-9396-B33CD5F63A22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA09FB51-0FDC-4457-8ED6-A963CAB97DF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9C82569-7D6C-4FD9-B5BB-2E9576FDFB0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DC98F7D-BDCC-4CF1-BA80-55EA68C5DDB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB7741EA-7955-4FC6-BE64-23EFBB0E3DC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "252FA576-D00F-4BF2-871D-291D209B443C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2786E51E-B042-4DEF-98CE-C46F381D468C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9E6C74-FAEE-49D3-807B-7F8416C12725",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B182E938-6B50-4F3A-BAF6-AD2637E31E43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C610F17-FD8F-425E-A169-47EA7E6E8A0A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "355FFF2A-2B69-4340-AC49-257C0DC63B70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "777E63F4-CC75-4D68-98CC-896C58EBDD5A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF0ACFD6-D1EE-4C25-A307-2E3FB67F4A20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB46DD56-7A06-428C-97CB-E01C22BC8214",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29482B31-563A-4931-B11E-FDE86F87F25E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D261663-D224-4C92-A3F4-3509CAA78A36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6737F3-F881-4BDC-A4F4-F6F08B88EC1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBCF494-DC4C-4567-A5C8-2C8D93BAF289",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)\n\n"
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad CWE-294: Omisi\u00f3n de autenticaci\u00f3n mediante captura-reproducci\u00f3n que podr\u00eda provocar la ejecuci\u00f3n de funciones Modbus no autorizadas en el controlador al secuestrar una sesi\u00f3n Modbus autenticada. Productos afectados: EcoStruxure Control Expert (todas las versiones), EcoStruxure Process Expert (todas las versiones), CPU Modicon M340 - n\u00fameros de pieza BMXP34* (todas las versiones), CPU Modicon M580 - n\u00fameros de pieza BMEP* y BMEH* (todas las versiones), Modicon M580 Seguridad de la CPU: n\u00fameros de pieza BMEP58*S y BMEH58*S (todas las versiones)"
    }
  ],
  "id": "CVE-2022-45789",
  "lastModified": "2024-11-21T07:29:43.287",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-01-31T06:15:07.920",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-294"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-14 15:15
Modified
2024-11-21 05:50
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller.
References
cybersecurity@se.comhttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric ecostruxure_control_expert *
schneider-electric ecostruxure_control_expert 15.0
schneider-electric ecostruxure_control_expert 15.0
schneider-electric ecostruxure_process_expert *
schneider-electric remoteconnect *
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m580_bmep581020h_firmware *
schneider-electric modicon_m580_bmep581020h -
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_m580_bmep582020h_firmware *
schneider-electric modicon_m580_bmep582020h -
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmep582040h_firmware *
schneider-electric modicon_m580_bmep582040h -
schneider-electric modicon_m580_bmep582040s_firmware *
schneider-electric modicon_m580_bmep582040s -
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep584040s_firmware *
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_m580_bmep585040c_firmware *
schneider-electric modicon_m580_bmep585040c -
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_m580_bmep586040c_firmware *
schneider-electric modicon_m580_bmep586040c -
schneider-electric modicon_m580_bmeh582040_firmware *
schneider-electric modicon_m580_bmeh582040 -
schneider-electric modicon_m580_bmeh582040c_firmware *
schneider-electric modicon_m580_bmeh582040c -
schneider-electric modicon_m580_bmeh582040s_firmware *
schneider-electric modicon_m580_bmeh582040s -
schneider-electric modicon_m580_bmeh584040_firmware *
schneider-electric modicon_m580_bmeh584040 -
schneider-electric modicon_m580_bmeh584040c_firmware *
schneider-electric modicon_m580_bmeh584040c -
schneider-electric modicon_m580_bmeh584040s_firmware *
schneider-electric modicon_m580_bmeh584040s -
schneider-electric modicon_m580_bmeh586040_firmware *
schneider-electric modicon_m580_bmeh586040 -
schneider-electric modicon_m580_bmeh586040c_firmware *
schneider-electric modicon_m580_bmeh586040c -
schneider-electric modicon_m580_bmeh586040s_firmware *
schneider-electric modicon_m580_bmeh586040s -
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m340_bmxp342010_firmware *
schneider-electric modicon_m340_bmxp342010 -
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_m340_bmxp342030_firmware *
schneider-electric modicon_m340_bmxp342030 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43140BF9-455B-4E3C-BF5E-BB9BBF9802D2",
              "versionEndExcluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "A9BF2D84-901E-4D34-941F-FFAB85B0E9D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "939C02B6-B5C5-4F87-8179-4AFFE13FCFD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD97669F-93D5-42C4-BFC4-1993867F5911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:remoteconnect:*:*:*:*:*:*:scadapack_x70:*",
              "matchCriteriaId": "2D7E0B75-171E-4A73-B722-13473CE1B9D7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49646E6C-381F-495B-A5E8-8F522571D4AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F472ED1-8FE6-43BC-A4FF-E956D17ED427",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F1315A8-FDEE-487F-BA66-A99745783911",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F543A095-B798-4C5B-A2B6-DF893191EAC3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71823B23-C4E6-40EC-AC9C-2EABFDAFE498",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BDD13AD-681C-4C7D-82D5-3017FB3BE852",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B782A209-0612-4CA1-8438-6653D75F452C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43B3DF32-480E-4CE1-9396-B33CD5F63A22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA09FB51-0FDC-4457-8ED6-A963CAB97DF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9C82569-7D6C-4FD9-B5BB-2E9576FDFB0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DC98F7D-BDCC-4CF1-BA80-55EA68C5DDB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB7741EA-7955-4FC6-BE64-23EFBB0E3DC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "252FA576-D00F-4BF2-871D-291D209B443C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2786E51E-B042-4DEF-98CE-C46F381D468C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9E6C74-FAEE-49D3-807B-7F8416C12725",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B182E938-6B50-4F3A-BAF6-AD2637E31E43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C610F17-FD8F-425E-A169-47EA7E6E8A0A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "355FFF2A-2B69-4340-AC49-257C0DC63B70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "777E63F4-CC75-4D68-98CC-896C58EBDD5A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF0ACFD6-D1EE-4C25-A307-2E3FB67F4A20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB46DD56-7A06-428C-97CB-E01C22BC8214",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29482B31-563A-4931-B11E-FDE86F87F25E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D261663-D224-4C92-A3F4-3509CAA78A36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6737F3-F881-4BDC-A4F4-F6F08B88EC1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBCF494-DC4C-4567-A5C8-2C8D93BAF289",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8152BD1B-DB69-4BD0-9DD3-79FC059319B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A4A2D03-6D4E-4ED9-A0CE-3DD681CB6E9F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "833B2455-5D39-4457-9D6F-0CD738A2EB02",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C747D719-51A2-44F5-B940-89D84437DA95",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34CC8BAD-3D4F-4DAD-B8CE-09D0BF4A5E11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de Omisi\u00f3n de Autenticaci\u00f3n por Spoofing en EcoStruxure Control Expert (todas las versiones anteriores a V15.0 SP1, incluyendo todas las versiones de Unity Pro), EcoStruxure Control Expert versi\u00f3n V15.0 SP1, EcoStruxure Process Expert (todas las versiones, incluyendo todas las versiones de EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (todas las versiones), Modicon M580 CPU (todas las versiones - n\u00fameros de parte BMEP* y BMEH*), Modicon M340 CPU (todas las versiones - n\u00fameros de parte BMXP34*), que podr\u00eda causar un acceso no autorizado en modo de lectura y escritura al controlador mediante el spoofing de la comunicaci\u00f3n Modbus entre el software de ingenier\u00eda y el controlador"
    }
  ],
  "id": "CVE-2021-22779",
  "lastModified": "2024-11-21T05:50:38.990",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-14T15:15:08.240",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-290"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-09-02 17:15
Modified
2024-11-21 05:50
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-07Not Applicable
nvd@nist.govhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-07Not Applicable
Impacted products
Vendor Product Version
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m340_bmxp342010 -
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_m340_bmxp342030 -
schneider-electric modicon_m580_bmeh582040 -
schneider-electric modicon_m580_bmeh582040c -
schneider-electric modicon_m580_bmeh582040s -
schneider-electric modicon_m580_bmeh584040 -
schneider-electric modicon_m580_bmeh584040c -
schneider-electric modicon_m580_bmeh584040s -
schneider-electric modicon_m580_bmeh586040 -
schneider-electric modicon_m580_bmeh586040c -
schneider-electric modicon_m580_bmeh586040s -
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m580_bmep581020h -
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_m580_bmep582020h -
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmep582040h -
schneider-electric modicon_m580_bmep582040s -
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_m580_bmep585040c -
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_m580_bmep586040c -
schneider-electric modicon_mc80_bmkc8020301 -
schneider-electric modicon_mc80_bmkc8020310 -
schneider-electric modicon_mc80_bmkc8030311 -
schneider-electric modicon_momentum_171cbu78090 -
schneider-electric modicon_momentum_171cbu98090 -
schneider-electric modicon_momentum_171cbu98091 -
schneider-electric modicon_premium_tsxp57_1634m -
schneider-electric modicon_premium_tsxp57_2634m -
schneider-electric modicon_premium_tsxp57_2834m -
schneider-electric modicon_premium_tsxp57_454m -
schneider-electric modicon_premium_tsxp57_4634m -
schneider-electric modicon_premium_tsxp57_554m -
schneider-electric modicon_premium_tsxp57_5634m -
schneider-electric modicon_premium_tsxp57_6634m -
schneider-electric modicon_quantum_140cpu65150 -
schneider-electric modicon_quantum_140cpu65150c -
schneider-electric modicon_quantum_140cpu65160 -
schneider-electric modicon_quantum_140cpu65160c -
schneider-electric plc_simulator_for_ecostruxure_control_expert -
schneider-electric plc_simulator_for_ecostruxure_process_expert -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "833B2455-5D39-4457-9D6F-0CD738A2EB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B3CEFA-BCF8-4305-B81A-980AA1352515",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C1A9EE4-9564-45F6-8CF8-1A820E469B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "026D5E27-E50D-4614-A3EB-C54150C85572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B765DF6-1D0A-4191-9AD7-250A7EB691BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67152082-E085-4111-98BA-6E9EF14ADB91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD68FC34-691B-406E-A59D-2596215AE314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_1634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB98E7F1-DD61-47F5-A6BB-18D75FDFAB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "39E46898-7206-45C1-9A93-729B5905EF38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2834m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97A89AF-103A-4D2A-9EAF-42CEC88A2BCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_454m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32B611B6-1138-40DF-848A-A4A10E1DB0F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_4634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF901CCB-1BC4-4EDA-A3D7-ED7523128EAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_554m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4479C318-EE74-4338-B172-EC13D4D62246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_5634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98A25B72-B3A9-4717-8AA9-B164226DF9D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_6634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "889E9E8B-688E-420E-9A99-AB64BA7ABCDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E3446A5-69F7-4270-93E2-CD5614970698",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FE0C5D-3132-48AD-92EB-B7C4277C1FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD3F1B7C-7972-463E-930E-F359A402DAF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC9D2D4D-558B-424E-AB04-429C83F06DB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_control_expert:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A63ECFF-261A-4C39-964E-CBC4B97147DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_process_expert:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B722F22-2CEB-426B-9615-DD3B73A671F4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."
    },
    {
      "lang": "es",
      "value": "Una CWE-476: Una vulnerabilidad de Desreferencia de Puntero NULL que podr\u00eda causar una Denegaci\u00f3n de Servicio en el controlador/simulador del PLC Modicon cuando se actualiza la aplicaci\u00f3n del controlador con un archivo de proyecto especialmente dise\u00f1ado se presenta en Modicon M580 CPU (n\u00fameros de pieza BMEP* and BMEH*, todas las versiones), Modicon M340 CPU (n\u00fameros de pieza BMXP34*, todas las versiones), Modicon MC80 (n\u00fameros de pieza BMKC80*, todas las versiones), Modicon Momentum Ethernet CPU (n\u00fameros de pieza 171CBU*, todas las versiones), PLC Simulator para EcoStruxure\u00aa Control Expert, incluidas todas las versiones Unity Pro (antiguo nombre de EcoStruxure\u00aa Control Expert, todas las versiones), PLC Simulator para EcoStruxure\u00aa Process Expert, incluidas todas las versiones HDCS (antiguo nombre de EcoStruxure\u00aa Process Expert, todas las versiones), Modicon Quantum CPU (n\u00fameros de pieza 140CPU*, todas las versiones), Modicon Premium CPU (n\u00fameros de pieza TSXP5*, todas las versiones)"
    }
  ],
  "id": "CVE-2021-22792",
  "lastModified": "2024-11-21T05:50:40.770",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-02T17:15:08.343",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-07"
    },
    {
      "source": "nvd@nist.gov",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-07"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-01-30 13:15
Modified
2024-11-21 07:29
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdfPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdfPatch, Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric ecostruxure_control_expert *
schneider-electric ecostruxure_process_expert *
schneider-electric modicon_m340_bmxp341000_firmware -
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m340_bmxp342000_firmware -
schneider-electric modicon_m340_bmxp342000 -
schneider-electric modicon_m340_bmxp342010_firmware -
schneider-electric modicon_m340_bmxp342010 -
schneider-electric modicon_m340_bmxp3420102_firmware -
schneider-electric modicon_m340_bmxp3420102 -
schneider-electric modicon_m340_bmxp342020_firmware -
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_m340_bmxp342020h_firmware -
schneider-electric modicon_m340_bmxp342020h -
schneider-electric modicon_m340_bmxp342030_firmware -
schneider-electric modicon_m340_bmxp342030 -
schneider-electric modicon_m340_bmxp3420302_firmware -
schneider-electric modicon_m340_bmxp3420302 -
schneider-electric modicon_m340_bmxp3420302h_firmware -
schneider-electric modicon_m340_bmxp3420302h -
schneider-electric modicon_m340_bmxp342030h_firmware -
schneider-electric modicon_m340_bmxp342030h -
schneider-electric modicon_m580_bmeh582040_firmware -
schneider-electric modicon_m580_bmeh582040 -
schneider-electric modicon_m580_bmeh582040c_firmware -
schneider-electric modicon_m580_bmeh582040c -
schneider-electric modicon_m580_bmeh582040s_firmware -
schneider-electric modicon_m580_bmeh582040s -
schneider-electric modicon_m580_bmeh584040_firmware -
schneider-electric modicon_m580_bmeh584040 -
schneider-electric modicon_m580_bmeh584040c_firmware -
schneider-electric modicon_m580_bmeh584040c -
schneider-electric modicon_m580_bmeh584040s_firmware -
schneider-electric modicon_m580_bmeh584040s -
schneider-electric modicon_m580_bmeh586040_firmware -
schneider-electric modicon_m580_bmeh586040 -
schneider-electric modicon_m580_bmeh586040c_firmware -
schneider-electric modicon_m580_bmeh586040c -
schneider-electric modicon_m580_bmeh586040s_firmware -
schneider-electric modicon_m580_bmeh586040s -
schneider-electric modicon_m580_bmep581020_firmware -
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m580_bmep581020h_firmware -
schneider-electric modicon_m580_bmep581020h -
schneider-electric modicon_m580_bmep582020_firmware -
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_m580_bmep582020h_firmware -
schneider-electric modicon_m580_bmep582020h -
schneider-electric modicon_m580_bmep582040_firmware -
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmep582040h_firmware -
schneider-electric modicon_m580_bmep582040h -
schneider-electric modicon_m580_bmep582040s_firmware -
schneider-electric modicon_m580_bmep582040s -
schneider-electric modicon_m580_bmep583020_firmware -
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep583040_firmware -
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m580_bmep584020_firmware -
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmep584040_firmware -
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep584040s_firmware -
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmep585040_firmware -
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_m580_bmep585040c_firmware -
schneider-electric modicon_m580_bmep585040c -
schneider-electric modicon_m580_bmep586040_firmware -
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_m580_bmep586040c_firmware -
schneider-electric modicon_m580_bmep586040c -
schneider-electric modicon_momentum_171cbu78090_firmware -
schneider-electric modicon_momentum_171cbu78090 -
schneider-electric modicon_momentum_171cbu98090_firmware -
schneider-electric modicon_momentum_171cbu98090 -
schneider-electric modicon_momentum_171cbu98091_firmware -
schneider-electric modicon_momentum_171cbu98091 -
schneider-electric modicon_mc80_bmkc8020301_firmware -
schneider-electric modicon_mc80_bmkc8020301 -
schneider-electric modicon_mc80_bmkc8020310_firmware -
schneider-electric modicon_mc80_bmkc8020310 -
schneider-electric modicon_mc80_bmkc8030311_firmware -
schneider-electric modicon_mc80_bmkc8030311 -
schneider-electric modicon_quantum_140cpu65150_firmware -
schneider-electric modicon_quantum_140cpu65150 -
schneider-electric modicon_quantum_140cpu65150c_firmware -
schneider-electric modicon_quantum_140cpu65150c -
schneider-electric modicon_quantum_140cpu65160_firmware -
schneider-electric modicon_quantum_140cpu65160 -
schneider-electric modicon_quantum_140cpu65160c_firmware -
schneider-electric modicon_quantum_140cpu65160c -
schneider-electric modicon_premium_tsxp57_1634m_firmware -
schneider-electric modicon_premium_tsxp57_1634m -
schneider-electric modicon_premium_tsxp57_2634m_firmware -
schneider-electric modicon_premium_tsxp57_2634m -
schneider-electric modicon_premium_tsxp57_2834m_firmware -
schneider-electric modicon_premium_tsxp57_2834m -
schneider-electric modicon_premium_tsxp57_454m_firmware -
schneider-electric modicon_premium_tsxp57_454m -
schneider-electric modicon_premium_tsxp57_4634m_firmware -
schneider-electric modicon_premium_tsxp57_4634m -
schneider-electric modicon_premium_tsxp57_554m_firmware -
schneider-electric modicon_premium_tsxp57_554m -
schneider-electric modicon_premium_tsxp57_5634m_firmware -
schneider-electric modicon_premium_tsxp57_5634m -
schneider-electric modicon_premium_tsxp57_6634m_firmware -
schneider-electric modicon_premium_tsxp57_6634m -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18E8CCC1-A467-4FEF-964D-8481EAE892EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAB4A9EC-96A2-424D-A858-162E662EBEFB",
              "versionEndExcluding": "2021",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EC4B64B-CF0F-46CE-91FB-6A320F83B190",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64041ACC-0BF1-45F7-B1AB-6C836BD606BB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D7B5B28-99F5-4A94-9D65-204943941047",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "833B2455-5D39-4457-9D6F-0CD738A2EB02",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D597D553-9E36-453A-8C82-FCBB38E6DE49",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6B88FC3-8FD3-4A2F-A2F0-BE6E29CB7D4F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86AA8980-5D94-4B49-858C-E24290AE8D36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "90674B8F-C4BD-46AF-A86D-A01531074FB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F8EA70F-DD0C-4835-AA65-2B826807756B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3E85D90-A4B8-46B9-B654-84CD68FCF658",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBDA1A8F-6AAF-4D09-9DB4-FACAB918963C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF9608E7-C9B5-4945-9609-690231DB1B5A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F86533A-406B-4910-B7D2-B378E8872756",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47004801-3437-4484-AD19-6CC304783744",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF50AC83-B422-4B6A-99B2-03A8DA8D191D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC42A466-5909-4D9B-B243-D86C7AFC0141",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F30A43E-77DB-4015-BCB9-8C491642C51D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B78759C-F64C-404D-B161-7A27721B9661",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "832C2EFD-1D6F-4229-B17D-E94F64E8AC35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CC9304A-6730-41FA-86D8-900661D66A1F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59504A45-62E8-4C7B-AE03-2C0E8BBF1534",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7FFCF8C-AD13-4505-857A-D7948C83E509",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "355F55BE-861F-46B1-9B8F-B9081984E087",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8053B00-018B-4350-A51C-609F45BD158E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3497D351-5CF2-42DB-82E0-BCA418998EB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBA3EED4-A7A9-4F7C-9B82-BCC21350DEC0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4742CA0B-D062-4A75-AB60-4E11043F741D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F44EA1CC-2DF4-496E-A892-E47E94861B45",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0CFF8FE-21DE-4F9F-9FEA-4EB5184C3353",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E33BBC-D1C1-482D-A4E3-093BED191EC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D1AD7B8-8F43-4B58-986E-ECBEFE514CC9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31E97992-1012-4848-B3A5-54642B365B78",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80A200E-2DC9-4FE8-A685-22DC6F8333A5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F2213C-CB04-4A45-BA1E-CD8FC89BB294",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D69E5723-590F-4CF6-8C13-9565EAB2522A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B17D236-B8E5-4340-94BB-0B68B6F76255",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B8A9E71-0828-4438-8531-D7C577C63BC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_171cbu78090_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B26E867-5C0E-413E-B733-6865347C2140",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B765DF6-1D0A-4191-9AD7-250A7EB691BF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_171cbu98090_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA5F1B5-FEC3-458B-B411-AC19E90E2973",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67152082-E085-4111-98BA-6E9EF14ADB91",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_171cbu98091_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49247DB1-4B53-480B-B7BB-A0E37613E3D2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD68FC34-691B-406E-A59D-2596215AE314",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8020301_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AFD695-E028-405A-B6CE-4AEAD55B676F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B3CEFA-BCF8-4305-B81A-980AA1352515",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8020310_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AF5C51E-658E-497E-AF66-531C6337D8C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C1A9EE4-9564-45F6-8CF8-1A820E469B41",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8030311_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2DF7857-E543-46E4-AFC3-585BEA9E5B21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "026D5E27-E50D-4614-A3EB-C54150C85572",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65150_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686D3D-B614-41D1-A023-3DA76B296601",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E3446A5-69F7-4270-93E2-CD5614970698",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65150c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "520D0A9C-ACC9-4FDD-93F5-DD807BA3C4DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FE0C5D-3132-48AD-92EB-B7C4277C1FAA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65160_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1BF8361-6FA9-46A1-93B3-3CC269935F50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD3F1B7C-7972-463E-930E-F359A402DAF5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65160c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8B77E0F-CC13-42B6-AF46-556FB02BA4CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC9D2D4D-558B-424E-AB04-429C83F06DB7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_1634m_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5D930A5-787A-48FD-BFA2-4D1BC70C9224",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_1634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB98E7F1-DD61-47F5-A6BB-18D75FDFAB70",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_2634m_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80937C5F-5962-46D3-8BA2-1650CAC6DC0C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "39E46898-7206-45C1-9A93-729B5905EF38",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_2834m_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "695475B9-A4A4-4218-8D21-71797A0F1F10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2834m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97A89AF-103A-4D2A-9EAF-42CEC88A2BCA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_454m_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B787E978-0842-4385-9ADD-6CA947A6F697",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_454m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32B611B6-1138-40DF-848A-A4A10E1DB0F2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_4634m_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1788D10E-11FB-4EF1-9B57-89A2EF3A4576",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_4634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF901CCB-1BC4-4EDA-A3D7-ED7523128EAA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_554m_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C613326A-E313-4B3F-ADF7-128B3A904422",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_554m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4479C318-EE74-4338-B172-EC13D4D62246",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_5634m_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AC92C16-6212-4D20-B478-98D538C2FCCF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_5634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98A25B72-B3A9-4717-8AA9-B164226DF9D9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_6634m_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "72F0A61F-37A4-43C9-BC78-296C9AF08341",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_6634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "889E9E8B-688E-420E-9A99-AB64BA7ABCDC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality \u0026 integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)\n\n"
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad CWE-754: Comprobaci\u00f3n inadecuada de condiciones inusuales o excepcionales que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario, denegaci\u00f3n de servicio y p\u00e9rdida de confidencialidad y seguridad. integridad cuando se carga un archivo de proyecto malicioso en el controlador. Productos afectados: EcoStruxure Control Expert (todas las versiones), EcoStruxure Process Expert (todas las versiones), CPU Modicon M340 - n\u00fameros de pieza BMXP34* (todas las versiones), CPU Modicon M580 - n\u00fameros de pieza BMEP* y BMEH* (todas las versiones), Modicon M580 Seguridad de la CPU: n\u00fameros de pieza BMEP58*S y BMEH58*S (todas las versiones), procesador Modicon Momentum Unity M1E - 171CBU* (todas las versiones), Modicon MC80 - BMKC80 (todas las versiones), Modicon Quantum heredado - 140CPU65* y CPU Premium - TSXP57 * (Todas las versiones)"
    }
  ],
  "id": "CVE-2022-45788",
  "lastModified": "2024-11-21T07:29:43.093",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-01-30T13:15:09.310",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-11-22 12:15
Modified
2024-11-21 07:14
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)
References
cybersecurity@se.comhttps://www.se.com/us/en/download/document/SEVD-2022-221-02/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.se.com/us/en/download/document/SEVD-2022-221-02/Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric modicon_m340_bmx_p34-2010_firmware *
schneider-electric modicon_m340_bmx_p34-2010 -
schneider-electric modicon_m340_bmx_p34-2030_firmware *
schneider-electric modicon_m340_bmx_p34-2030 -
schneider-electric modicon_m580_bmeh582040_firmware *
schneider-electric modicon_m580_bmeh582040 -
schneider-electric modicon_m580_bmeh582040c_firmware *
schneider-electric modicon_m580_bmeh582040c -
schneider-electric modicon_m580_bmeh582040s_firmware *
schneider-electric modicon_m580_bmeh582040s -
schneider-electric modicon_m580_bmeh584040_firmware *
schneider-electric modicon_m580_bmeh584040 -
schneider-electric modicon_m580_bmeh584040c_firmware *
schneider-electric modicon_m580_bmeh584040c -
schneider-electric modicon_m580_bmeh584040s_firmware *
schneider-electric modicon_m580_bmeh584040s -
schneider-electric modicon_m580_bmeh586040_firmware *
schneider-electric modicon_m580_bmeh586040 -
schneider-electric modicon_m580_bmeh586040c_firmware *
schneider-electric modicon_m580_bmeh586040c -
schneider-electric modicon_m580_bmeh586040s_firmware *
schneider-electric modicon_m580_bmeh586040s -
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m580_bmep581020h_firmware *
schneider-electric modicon_m580_bmep581020h -
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_m580_bmep582020h_firmware *
schneider-electric modicon_m580_bmep582020h -
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmep582040h_firmware *
schneider-electric modicon_m580_bmep582040h -
schneider-electric modicon_m580_bmep582040s_firmware *
schneider-electric modicon_m580_bmep582040s -
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep584040s_firmware *
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_m580_bmep585040c_firmware *
schneider-electric modicon_m580_bmep585040c -
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_m580_bmep586040c_firmware *
schneider-electric modicon_m580_bmep586040c -
schneider-electric modicon_mc80_bmkc8020301_firmware *
schneider-electric modicon_mc80_bmkc8020301 -
schneider-electric modicon_mc80_bmkc8020310_firmware *
schneider-electric modicon_mc80_bmkc8020310 -
schneider-electric modicon_mc80_bmkc8030311_firmware *
schneider-electric modicon_mc80_bmkc8030311 -
schneider-electric modicon_momentum_171cbu78090_firmware -
schneider-electric modicon_momentum_171cbu78090 -
schneider-electric modicon_momentum_171cbu98090_firmware -
schneider-electric modicon_momentum_171cbu98090 -
schneider-electric modicon_momentum_171cbu98091_firmware -
schneider-electric modicon_momentum_171cbu98091 -
schneider-electric modicon_premium_tsxp57_1634m_firmware -
schneider-electric modicon_premium_tsxp57_1634m -
schneider-electric modicon_premium_tsxp57_2634m_firmware -
schneider-electric modicon_premium_tsxp57_2634m -
schneider-electric modicon_premium_tsxp57_2834m_firmware -
schneider-electric modicon_premium_tsxp57_2834m -
schneider-electric modicon_premium_tsxp57_454m_firmware -
schneider-electric modicon_premium_tsxp57_454m -
schneider-electric modicon_premium_tsxp57_4634m_firmware -
schneider-electric modicon_premium_tsxp57_4634m -
schneider-electric modicon_premium_tsxp57_554m_firmware -
schneider-electric modicon_premium_tsxp57_554m -
schneider-electric modicon_premium_tsxp57_5634m_firmware -
schneider-electric modicon_premium_tsxp57_5634m -
schneider-electric modicon_premium_tsxp57_6634m_firmware -
schneider-electric modicon_premium_tsxp57_6634m -
schneider-electric modicon_quantum_140cpu65150_firmware -
schneider-electric modicon_quantum_140cpu65150 -
schneider-electric modicon_quantum_140cpu65150c_firmware -
schneider-electric modicon_quantum_140cpu65150c -
schneider-electric modicon_quantum_140cpu65160_firmware -
schneider-electric modicon_quantum_140cpu65160 -
schneider-electric modicon_quantum_140cpu65160c_firmware -
schneider-electric modicon_quantum_140cpu65160c -
schneider-electric modicon_quantum_140noc78100_firmware -
schneider-electric modicon_quantum_140noc78100 -
schneider-electric modicon_quantum_140noe77101_firmware -
schneider-electric modicon_quantum_140noe77101 -
schneider-electric modicon_quantum_140noe77111_firmware -
schneider-electric modicon_quantum_140noe77111 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF6EFD0B-1D69-40D0-B7B9-C46FD8E9DF40",
              "versionEndExcluding": "3.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmx_p34-2010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A76270E2-D48F-4149-9A97-76F3C5749723",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0140B9B8-8D02-4758-A5A9-2B14B3CBB3DF",
              "versionEndExcluding": "3.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmx_p34-2030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FA6EC11-5E37-4534-908F-D3424AE01C79",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4DB31C8-0E2D-4EAC-B8AD-260D7B4E53D9",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A275FCA0-55B9-4CA6-96E4-A57CEF0F8316",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9098867D-6A2B-42C4-9C35-16AC5030DA70",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AED19071-C1B3-4633-80D7-62E4209B573A",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFF5BD50-38B3-4CF8-9550-8C1895F23D81",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F959D278-C7A8-4E8C-ADB8-3254B380E409",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DF67EAC-9D48-42F7-A9F4-BAEAAB746881",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A8D2EF1-81D5-4801-AFBF-1CB9122DFEC6",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EDAD5F-561F-4F3C-9718-3B8B8A5404F5",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FFA2751-CA21-48C3-9DD0-DF2870EB1375",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD59535C-EBC2-4775-9147-41045F091638",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EE3F37-836D-4872-8DBE-77E5C1E9FB6B",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A045D3A4-237E-469F-9037-585471F8C44F",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB09E64C-072A-4610-88BC-D566862659D5",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FBD04E1-55EE-4887-A098-0F1DD35B068E",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62FE2B68-6D92-45C2-9E75-C779E831ADB8",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F95EA094-64BE-431E-8F6E-5430627C4006",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "123B1BB8-86B8-4CE3-9B61-DFADA5BC9C3D",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24DC160B-78A9-4CD6-9AC2-5806E93AAE80",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "690ADE34-3955-4167-8AF7-B64B9B95E9BC",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E5A8DC-94EA-4436-A252-9E803248EB8C",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D50A27C4-73B8-4883-893D-A81F8300D1BD",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "485C5EE3-4455-4D49-B03E-A7B21CCF9D44",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E7E0E8A-2189-48A7-9B6B-3FC7CDDC0F74",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D53FD731-D404-43DF-8990-8F17F2E13F94",
              "versionEndExcluding": "4.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8020301_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B29E8197-8592-404D-A133-A3B5AC423F34",
              "versionEndExcluding": "1.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B3CEFA-BCF8-4305-B81A-980AA1352515",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8020310_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D821580-8AFC-40F1-B1E5-6C9EF2C17728",
              "versionEndExcluding": "1.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C1A9EE4-9564-45F6-8CF8-1A820E469B41",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8030311_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "833A8209-9A7B-4CC7-9BBA-125ABC05AC48",
              "versionEndExcluding": "1.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "026D5E27-E50D-4614-A3EB-C54150C85572",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_171cbu78090_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B26E867-5C0E-413E-B733-6865347C2140",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B765DF6-1D0A-4191-9AD7-250A7EB691BF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_171cbu98090_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA5F1B5-FEC3-458B-B411-AC19E90E2973",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67152082-E085-4111-98BA-6E9EF14ADB91",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_171cbu98091_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49247DB1-4B53-480B-B7BB-A0E37613E3D2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD68FC34-691B-406E-A59D-2596215AE314",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_1634m_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5D930A5-787A-48FD-BFA2-4D1BC70C9224",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_1634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB98E7F1-DD61-47F5-A6BB-18D75FDFAB70",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_2634m_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80937C5F-5962-46D3-8BA2-1650CAC6DC0C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "39E46898-7206-45C1-9A93-729B5905EF38",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_2834m_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "695475B9-A4A4-4218-8D21-71797A0F1F10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2834m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97A89AF-103A-4D2A-9EAF-42CEC88A2BCA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_454m_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B787E978-0842-4385-9ADD-6CA947A6F697",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_454m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32B611B6-1138-40DF-848A-A4A10E1DB0F2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_4634m_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1788D10E-11FB-4EF1-9B57-89A2EF3A4576",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_4634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF901CCB-1BC4-4EDA-A3D7-ED7523128EAA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_554m_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C613326A-E313-4B3F-ADF7-128B3A904422",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_554m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4479C318-EE74-4338-B172-EC13D4D62246",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_5634m_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AC92C16-6212-4D20-B478-98D538C2FCCF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_5634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98A25B72-B3A9-4717-8AA9-B164226DF9D9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_tsxp57_6634m_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "72F0A61F-37A4-43C9-BC78-296C9AF08341",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_6634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "889E9E8B-688E-420E-9A99-AB64BA7ABCDC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65150_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686D3D-B614-41D1-A023-3DA76B296601",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E3446A5-69F7-4270-93E2-CD5614970698",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65150c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "520D0A9C-ACC9-4FDD-93F5-DD807BA3C4DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FE0C5D-3132-48AD-92EB-B7C4277C1FAA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65160_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1BF8361-6FA9-46A1-93B3-3CC269935F50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD3F1B7C-7972-463E-930E-F359A402DAF5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65160c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8B77E0F-CC13-42B6-AF46-556FB02BA4CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC9D2D4D-558B-424E-AB04-429C83F06DB7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_140noc78100_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "100EF6DF-31D9-4942-8C1D-093A98A50B12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140noc78100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "41D30C1F-F8C6-4B4A-8F62-C4F5B22E485C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_140noe77101_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F92A60EA-6BBF-4AEE-9996-3570E3DCD60D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140noe77101:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "820638DC-323D-4187-8468-2495C1505860",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_140noe77111_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26DB16A6-2F84-487C-B061-6EFF81A3673C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140noe77111:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C5587FE-4270-490C-BFE7-6DFC2B7AFE79",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)"
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad CWE-191: Integer Underflow (Wrap o Wraparound) que podr\u00eda causar una Denegaci\u00f3n de Servicio (DoS) del controlador debido a violaciones de acceso a la memoria cuando se utiliza el protocolo Modbus TCP. Productos afectados: CPU Modicon M340 (n\u00fameros de pieza BMXP34*)(V3.40 y anteriores), CPU Modicon M580 (n\u00fameros de pieza BMEP* y BMEH*)(V3.22 y anteriores), Modicon Quantum/Premium heredado (todas las versiones), Modicon Momentum MDI (171CBU*)(todas las versiones), Modicon MC80 (BMKC80)(V1.7 y anteriores)"
    }
  ],
  "id": "CVE-2022-37301",
  "lastModified": "2024-11-21T07:14:42.730",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-22T12:15:09.927",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/us/en/download/document/SEVD-2022-221-02/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/us/en/download/document/SEVD-2022-221-02/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-191"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-09-12 18:15
Modified
2024-11-21 07:14
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).
References
cybersecurity@se.comhttps://www.se.com/us/en/download/document/SEVD-2022-221-01/Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.se.com/us/en/download/document/SEVD-2022-221-01/Patch, Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric ecostruxure_control_expert *
schneider-electric ecostruxure_process_expert *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp342000 -
schneider-electric modicon_m340_bmxp342010_firmware *
schneider-electric modicon_m340_bmxp342010 -
schneider-electric modicon_m340_bmxp3420102_firmware *
schneider-electric modicon_m340_bmxp3420102 -
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_m340_bmxp342020h_firmware *
schneider-electric modicon_m340_bmxp342020h -
schneider-electric modicon_m340_bmxp342030_firmware *
schneider-electric modicon_m340_bmxp342030 -
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxp3420302 -
schneider-electric modicon_m340_bmxp3420302h_firmware *
schneider-electric modicon_m340_bmxp3420302h -
schneider-electric modicon_m340_bmxp342030h_firmware *
schneider-electric modicon_m340_bmxp342030h -
schneider-electric modicon_m580_bmeh582040_firmware *
schneider-electric modicon_m580_bmeh582040 -
schneider-electric modicon_m580_bmeh582040c_firmware *
schneider-electric modicon_m580_bmeh582040c -
schneider-electric modicon_m580_bmeh582040s_firmware *
schneider-electric modicon_m580_bmeh582040s -
schneider-electric modicon_m580_bmeh584040_firmware *
schneider-electric modicon_m580_bmeh584040 -
schneider-electric modicon_m580_bmeh584040c_firmware *
schneider-electric modicon_m580_bmeh584040c -
schneider-electric modicon_m580_bmeh584040s_firmware *
schneider-electric modicon_m580_bmeh584040s -
schneider-electric modicon_m580_bmeh586040_firmware *
schneider-electric modicon_m580_bmeh586040 -
schneider-electric modicon_m580_bmeh586040c_firmware *
schneider-electric modicon_m580_bmeh586040c -
schneider-electric modicon_m580_bmeh586040s_firmware *
schneider-electric modicon_m580_bmeh586040s -
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m580_bmep581020h_firmware *
schneider-electric modicon_m580_bmep581020h -
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_m580_bmep582020h_firmware *
schneider-electric modicon_m580_bmep582020h -
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmep582040h_firmware *
schneider-electric modicon_m580_bmep582040h -
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep584040s_firmware *
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_m580_bmep585040c_firmware *
schneider-electric modicon_m580_bmep585040c -
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_m580_bmep586040c_firmware *
schneider-electric modicon_m580_bmep586040c -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCC0C29-32C2-4463-B98F-AB4B56FF5314",
              "versionEndExcluding": "15.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E122BBC5-DF05-4449-826A-070B128D8BBE",
              "versionEndIncluding": "2021",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB94CE0B-D2AE-4AD5-9BB3-FF73F3F081F0",
              "versionEndExcluding": "3.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8E4C660-7603-47D4-A0E4-D8755B1C84CC",
              "versionEndExcluding": "3.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0594267D-0107-4E43-A783-7C557779E944",
              "versionEndExcluding": "3.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "833B2455-5D39-4457-9D6F-0CD738A2EB02",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4C75AF4-DB31-491B-8635-E7E0E3614476",
              "versionEndExcluding": "3.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6360DC2-1801-412F-867A-D8C62BC0E2A4",
              "versionEndExcluding": "3.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C34A2C5B-731C-4809-9FE8-3D897AD9A3F8",
              "versionEndExcluding": "3.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "708E8DA4-1D49-4B68-A626-8E936C054B33",
              "versionEndExcluding": "3.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "769B8B46-3965-43C0-8049-A6D786E82FAB",
              "versionEndExcluding": "3.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEB5579A-5AB3-40CD-9C22-96207696BB32",
              "versionEndExcluding": "3.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFFEE13B-685A-4590-839D-A32A98D4C012",
              "versionEndExcluding": "3.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF9608E7-C9B5-4945-9609-690231DB1B5A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "745D3106-80E9-4350-9C79-E4B9FA77D775",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35661AEB-E386-4574-86A2-D2BEC19D9B5A",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B740450-E707-4464-B60B-22C70FC40ECD",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "630B4FCE-4284-49C1-898E-E6ADFE174E9B",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A727FEA3-40BC-45A3-9D0B-7FF12A914140",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8219A561-CDE9-4385-AB16-805CB74A8DCD",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1C426D-B67A-4D5A-9494-3F7B184660AD",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCCA3AEB-E10A-4F26-B430-7BA4D49678EE",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "065FFEE6-138C-4865-BBDF-64A482F51DD2",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F0D3F3C-2A1F-4B90-8DA7-815715271F8C",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C4FFDB6-F5B3-4CD8-874F-37D7E4F2571B",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48AB766B-EAFE-48C1-911D-F60466F446DF",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B27484B-E321-4026-8C66-12AFFEFB6100",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1831C033-653A-44A8-969A-D7D9D21AF1FC",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C27E0382-FE2F-4FE0-BDF5-295C8C7AECC9",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A26483B-944A-4A95-A54C-3A8CB95C33F7",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "69AB6BD3-D791-468C-A0DC-D62C2D07A970",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "482E022D-F08C-487F-AA42-AB199A6456B3",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6990D04-52CE-4B58-A711-CB4612B2EE53",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F817C7DD-DCB3-4696-8D1A-CE94E097EA28",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C963704-2DE5-4C6A-9678-E4EEAA06C535",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "88A1D080-7D0E-4094-811C-CF5252FB36BF",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8708E15-0E65-420C-B7FF-34DD22C24CDE",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "636EA58C-6310-403E-BB20-74491651EF73",
              "versionEndExcluding": "4.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior)."
    },
    {
      "lang": "es",
      "value": "Una CWE-640: Se presenta una vulnerabilidad de Mecanismo de Recuperaci\u00f3n de Contrase\u00f1as D\u00e9biles para Contrase\u00f1as Olvidadas que podr\u00eda causar un acceso no autorizado en modo de lectura y escritura al controlador cuando es comunicado a trav\u00e9s de Modbus. Productos afectados: EcoStruxure Control Expert, incluidas todas las versiones de Unity Pro (antiguo nombre de EcoStruxure Control Expert) (V15.0 SP1 y anteriores), EcoStruxure Process Expert, incluidas todas las versiones de EcoStruxure Hybrid DCS (antiguo nombre de EcoStruxure Process Expert) (V2021 y anteriores), Modicon M340 CPU (n\u00fameros de pieza BMXP34*) (V3.40 y anteriores), Modicon M580 CPU (n\u00fameros de pieza BMEP* y BMEH*) (V3.20 y anteriores)"
    }
  ],
  "id": "CVE-2022-37300",
  "lastModified": "2024-11-21T07:14:42.543",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-12T18:15:08.980",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-640"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-02-01 04:15
Modified
2024-11-21 05:50
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions)
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification.pdfPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification.pdfPatch, Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp342000 -
schneider-electric modicon_m340_bmxp342010_firmware *
schneider-electric modicon_m340_bmxp342010 -
schneider-electric modicon_m340_bmxp3420102_firmware *
schneider-electric modicon_m340_bmxp3420102 -
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_m340_bmxp342020h_firmware *
schneider-electric modicon_m340_bmxp342020h -
schneider-electric modicon_m340_bmxp342030_firmware *
schneider-electric modicon_m340_bmxp342030 -
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxp3420302 -
schneider-electric modicon_m340_bmxp3420302h_firmware *
schneider-electric modicon_m340_bmxp3420302h -
schneider-electric modicon_m340_bmxp342030h_firmware *
schneider-electric modicon_m340_bmxp342030h -
schneider-electric modicon_m580_bmeh582040_firmware *
schneider-electric modicon_m580_bmeh582040 -
schneider-electric modicon_m580_bmeh582040c_firmware *
schneider-electric modicon_m580_bmeh582040c -
schneider-electric modicon_m580_bmeh582040s_firmware *
schneider-electric modicon_m580_bmeh582040s -
schneider-electric modicon_m580_bmeh584040_firmware *
schneider-electric modicon_m580_bmeh584040 -
schneider-electric modicon_m580_bmeh584040c_firmware *
schneider-electric modicon_m580_bmeh584040c -
schneider-electric modicon_m580_bmeh584040s_firmware *
schneider-electric modicon_m580_bmeh584040s -
schneider-electric modicon_m580_bmeh586040_firmware *
schneider-electric modicon_m580_bmeh586040 -
schneider-electric modicon_m580_bmeh586040c_firmware *
schneider-electric modicon_m580_bmeh586040c -
schneider-electric modicon_m580_bmeh586040s_firmware *
schneider-electric modicon_m580_bmeh586040s -
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m580_bmep581020h_firmware *
schneider-electric modicon_m580_bmep581020h -
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_m580_bmep582020h_firmware *
schneider-electric modicon_m580_bmep582020h -
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmep582040h_firmware *
schneider-electric modicon_m580_bmep582040h -
schneider-electric modicon_m580_bmep582040s_firmware *
schneider-electric modicon_m580_bmep582040s -
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep584040s_firmware *
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_m580_bmep585040c_firmware *
schneider-electric modicon_m580_bmep585040c -
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_m580_bmep586040c_firmware *
schneider-electric modicon_m580_bmep586040c -
schneider-electric modicon_momentum_171cbu78090_firmware *
schneider-electric modicon_momentum_171cbu78090 -
schneider-electric modicon_momentum_171cbu98090_firmware *
schneider-electric modicon_momentum_171cbu98090 -
schneider-electric modicon_momentum_171cbu98091_firmware *
schneider-electric modicon_momentum_171cbu98091 -
schneider-electric modicon_mc80_bmkc8020301_firmware *
schneider-electric modicon_mc80_bmkc8020301 -
schneider-electric modicon_mc80_bmkc8020310_firmware *
schneider-electric modicon_mc80_bmkc8020310 -
schneider-electric modicon_mc80_bmkc8030311_firmware *
schneider-electric modicon_mc80_bmkc8030311 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D891E712-7FA2-4CB2-B2EE-EAC1BB172993",
              "versionEndExcluding": "3.40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "741AED85-8328-4050-8780-487F0B4F6EBB",
              "versionEndExcluding": "3.40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A85EE6A-6D75-4A5E-8778-69D909ADA0F8",
              "versionEndExcluding": "3.40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "833B2455-5D39-4457-9D6F-0CD738A2EB02",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77202E5E-F1E5-424D-A7CB-1AADC61AF2A6",
              "versionEndExcluding": "3.40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "866BFE7D-D688-40B1-B6E9-B140529001C3",
              "versionEndExcluding": "3.40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F7B762-250F-4E44-ADE4-DA133CA13194",
              "versionEndExcluding": "3.40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91B5097C-C807-4876-A398-284180B2A5A9",
              "versionEndExcluding": "3.40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "383AB87D-0244-46E6-A509-1C6A85357C37",
              "versionEndExcluding": "3.40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "03AF16B9-E1A6-42C1-9268-87F6C4F0C822",
              "versionEndExcluding": "3.40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7963099F-9045-48F3-AF78-818EAC56DF6A",
              "versionEndExcluding": "3.40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF9608E7-C9B5-4945-9609-690231DB1B5A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75365643-792C-4629-9F55-0E72FE2CA421",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE16B26B-2833-410A-AD2E-FEB22A3314A5",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90196FCE-1FA7-4042-981B-DE15D94AEAE4",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "125AEA33-E18A-49FE-BF88-7E8F5EAD9C64",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB71FB34-5ADA-4C0E-B543-46771FB68A06",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49F91CCB-F349-4D40-80F9-71D06C0C1FAA",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10B4F452-B9AD-406D-B1CC-6178D03C78B8",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5448F5CF-8FB8-4757-9FD5-276159B7DAE9",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DF405A-9B2B-4607-97CF-DE0F2BB27354",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30433BF7-67D6-47F5-93FC-FDD227AF0FAE",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "773672C2-2CAF-4228-A1BE-440B2A082C9C",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F283DBAB-23CB-4D03-8780-11721A7A1A4B",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9516F92-B6CE-49E6-B300-EE722AAD7571",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98F5559-FA1C-4048-B7DC-7D305EEF27F1",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "36C82ED8-9F11-4189-8ACD-3AF589F7B5E5",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C51971DE-3C54-4166-A885-93CD7422BFCF",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DDDFF4B-AAF4-4E94-B003-E5ACA16B80B4",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F72A74E1-F374-423E-8CDD-448836A1EC73",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3A9B66-AFD1-40CE-A95B-C2E8AB39ED36",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "511F5135-3F09-443D-802F-1FE5D30C373C",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A780135C-34F9-451E-80FB-451467BA1D1B",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1A3344A-9259-41B0-BB39-91A171E10823",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB8948EA-A4F5-4C61-AF26-D7E74BB137FE",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFECD92C-1415-4780-9440-E899060EB88D",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C7FAF22-80AC-4933-8210-87200B769A4A",
              "versionEndIncluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_171cbu78090_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F6496D4-3FC1-4324-90C6-EB049E51E5FF",
              "versionEndExcluding": "2.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B765DF6-1D0A-4191-9AD7-250A7EB691BF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_171cbu98090_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C043867-197B-42C5-9023-9BA43EF90D20",
              "versionEndExcluding": "2.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67152082-E085-4111-98BA-6E9EF14ADB91",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_171cbu98091_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECCA96AA-E485-4B70-81EF-E4DB5ADC8B70",
              "versionEndExcluding": "2.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD68FC34-691B-406E-A59D-2596215AE314",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8020301_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4C34115-3B58-458D-9835-0DE028593A50",
              "versionEndExcluding": "1.70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B3CEFA-BCF8-4305-B81A-980AA1352515",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8020310_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B749D0E-FBEB-477E-B1FF-F09B34F41A94",
              "versionEndExcluding": "1.70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C1A9EE4-9564-45F6-8CF8-1A820E469B41",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8030311_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA1B1CD2-17D4-456F-ADB9-F22190097AB0",
              "versionEndExcluding": "1.70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "026D5E27-E50D-4614-A3EB-C54150C85572",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions)"
    }
  ],
  "id": "CVE-2021-22786",
  "lastModified": "2024-11-21T05:50:39.900",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-02-01T04:15:08.603",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-12-11 01:15
Modified
2024-11-21 05:37
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
References
cybersecurity@se.comhttps://www.se.com/ww/en/download/document/SEVD-2020-343-08/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.se.com/ww/en/download/document/SEVD-2020-343-08/Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp342000 -
schneider-electric modicon_m340_bmxp3420102_firmware *
schneider-electric modicon_m340_bmxp3420102 -
schneider-electric modicon_m340_bmxp3420102cl_firmware *
schneider-electric modicon_m340_bmxp3420102cl -
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxp3420302 -
schneider-electric modicon_m340_bmxp3420302cl_firmware *
schneider-electric modicon_m340_bmxp3420302cl -
schneider-electric tsxp574634_firmware *
schneider-electric tsxp574634 -
schneider-electric tsxp575634_firmware *
schneider-electric tsxp575634 -
schneider-electric tsxp576634_firmware *
schneider-electric tsxp576634 -
schneider-electric 140cpu65150_firmware *
schneider-electric 140cpu65150 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C2208FD-0126-4ECF-97DF-89998EE90A5F",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB772761-8859-4AA5-ACAC-4A5859FCE0A9",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0DB061-8B7F-4FEC-9275-6FFE045DCE81",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAA3B4D9-7F47-4813-9784-EB7BF53A32DE",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7D852A-18A3-4AB8-B6AD-4B9815950CC4",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4325AE79-6FDA-47A7-B3A6-C47C5C2C510D",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6149E270-E76E-4011-A488-2571499A6C76",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AF74D66-DEF7-4A05-A6FC-15645BA8B8AB",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A4810AB-2986-4152-9E48-488959A15361",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C440362A-7E0E-497C-B275-409E9B57D8A2",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6ACCC66-4075-4EE9-A6BA-01EF7529C568",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD031F4E-9F3C-4035-AFB8-B7442F1B2475",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C1D1498-1069-4080-8EB4-3BA6C0DC2CEA",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D30336F0-EDCF-486C-B52E-D0C53BCDFC65",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5481772-5E18-4985-A5E5-F7223B52A90B",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A83CF92-F35F-416F-B571-CA5600BF671F",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E506AD9-C302-4D41-B971-46DE19AF83FB",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32091F91-9397-4506-8801-C68B9E8B60F0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C32BDE35-7AC6-44C3-8135-BAA128B44559",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76B1122A-56A2-44BB-8648-C6E96D1966D9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CAEBC02-9BA6-4D36-AC3D-E1CE531F918E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0678A50-FE23-49BD-A6CF-A7094EFDAFA1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23918D88-851B-480E-972E-EB48CAFA7AF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38F83CCC-4A66-4D47-A563-777A16028F3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8048EA69-8FC8-4415-BA20-D2813F8BD83D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC3E5496-C3D0-4DF4-A9AF-F227F889840E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
    },
    {
      "lang": "es",
      "value": "Una CWE-754: Se presenta una vulnerabilidad de Comprobaci\u00f3n Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum y Modicon Premium (consulte las notificaciones de seguridad para las versiones afectadas), que podr\u00eda causar una denegaci\u00f3n de servicio cuando una petici\u00f3n Read Physical Memory especialmente dise\u00f1ada a trav\u00e9s de Modbus es enviada hacia el controlador"
    }
  ],
  "id": "CVE-2020-7542",
  "lastModified": "2024-11-21T05:37:20.843",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-11T01:15:12.517",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-09-02 17:15
Modified
2024-11-21 05:50
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04Patch, Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m340_bmxp342010 -
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_m340_bmxp342030 -
schneider-electric modicon_m580_bmeh582040 -
schneider-electric modicon_m580_bmeh582040c -
schneider-electric modicon_m580_bmeh582040s -
schneider-electric modicon_m580_bmeh584040 -
schneider-electric modicon_m580_bmeh584040c -
schneider-electric modicon_m580_bmeh584040s -
schneider-electric modicon_m580_bmeh586040 -
schneider-electric modicon_m580_bmeh586040c -
schneider-electric modicon_m580_bmeh586040s -
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m580_bmep581020h -
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_m580_bmep582020h -
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmep582040h -
schneider-electric modicon_m580_bmep582040s -
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_m580_bmep585040c -
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_m580_bmep586040c -
schneider-electric modicon_mc80_bmkc8020301 -
schneider-electric modicon_mc80_bmkc8020310 -
schneider-electric modicon_mc80_bmkc8030311 -
schneider-electric modicon_momentum_171cbu78090 -
schneider-electric modicon_momentum_171cbu98090 -
schneider-electric modicon_momentum_171cbu98091 -
schneider-electric modicon_premium_tsxp57_1634m -
schneider-electric modicon_premium_tsxp57_2634m -
schneider-electric modicon_premium_tsxp57_2834m -
schneider-electric modicon_premium_tsxp57_454m -
schneider-electric modicon_premium_tsxp57_4634m -
schneider-electric modicon_premium_tsxp57_554m -
schneider-electric modicon_premium_tsxp57_5634m -
schneider-electric modicon_premium_tsxp57_6634m -
schneider-electric modicon_quantum_140cpu65150 -
schneider-electric modicon_quantum_140cpu65150c -
schneider-electric modicon_quantum_140cpu65160 -
schneider-electric modicon_quantum_140cpu65160c -
schneider-electric plc_simulator_for_ecostruxure_control_expert -
schneider-electric plc_simulator_for_ecostruxure_process_expert -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "833B2455-5D39-4457-9D6F-0CD738A2EB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B3CEFA-BCF8-4305-B81A-980AA1352515",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C1A9EE4-9564-45F6-8CF8-1A820E469B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "026D5E27-E50D-4614-A3EB-C54150C85572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B765DF6-1D0A-4191-9AD7-250A7EB691BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67152082-E085-4111-98BA-6E9EF14ADB91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD68FC34-691B-406E-A59D-2596215AE314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_1634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB98E7F1-DD61-47F5-A6BB-18D75FDFAB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "39E46898-7206-45C1-9A93-729B5905EF38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2834m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97A89AF-103A-4D2A-9EAF-42CEC88A2BCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_454m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32B611B6-1138-40DF-848A-A4A10E1DB0F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_4634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF901CCB-1BC4-4EDA-A3D7-ED7523128EAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_554m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4479C318-EE74-4338-B172-EC13D4D62246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_5634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98A25B72-B3A9-4717-8AA9-B164226DF9D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_6634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "889E9E8B-688E-420E-9A99-AB64BA7ABCDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E3446A5-69F7-4270-93E2-CD5614970698",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FE0C5D-3132-48AD-92EB-B7C4277C1FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD3F1B7C-7972-463E-930E-F359A402DAF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC9D2D4D-558B-424E-AB04-429C83F06DB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_control_expert:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A63ECFF-261A-4C39-964E-CBC4B97147DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_process_expert:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B722F22-2CEB-426B-9615-DD3B73A671F4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."
    },
    {
      "lang": "es",
      "value": "Una CWE-119: Una vulnerabilidad de Restricci\u00f3n Inapropiada de Operaciones dentro de los L\u00edmites de un B\u00fafer de Memoria que podr\u00eda causar una Denegaci\u00f3n de Servicio en el controlador/simulador del PLC Modicon cuando se actualiza la aplicaci\u00f3n del controlador con un archivo de proyecto especialmente dise\u00f1ado se presenta en Modicon M580 CPU (n\u00fameros de pieza BMEP* and BMEH*, todas las versiones), Modicon M340 CPU (n\u00fameros de pieza BMXP34*, todas las versiones), Modicon MC80 (n\u00fameros de pieza BMKC80*, todas las versiones), Modicon Momentum Ethernet CPU (n\u00fameros de pieza 171CBU*, todas las versiones), PLC Simulator for EcoStruxure\u00aa Control Expert, incluyendo todas las versiones Unity Pro (antiguo nombre de EcoStruxure\u00aa Control Expert, todas las versiones), PLC Simulator for EcoStruxure\u00aa Process Expert incluyendo todas las versiones HDCS (antiguo nombre de EcoStruxure\u00aa Process Expert, todas las versiones), Modicon Quantum CPU (n\u00fameros de pieza 140CPU*, todas las versiones), Modicon Premium CPU (n\u00fameros de pieza TSXP5*, todas las versiones)"
    }
  ],
  "id": "CVE-2021-22789",
  "lastModified": "2024-11-21T05:50:40.377",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-02T17:15:08.180",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-02-14 17:15
Modified
2025-01-23 19:39
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-01.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-01.pdfVendor Advisory
Impacted products
Vendor Product Version
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m340_bmxp341000h_firmware *
schneider-electric modicon_m340_bmxp341000h -
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp342000 -
schneider-electric modicon_m340_bmxp342010_firmware *
schneider-electric modicon_m340_bmxp342010 -
schneider-electric modicon_m340_bmxp3420102_firmware *
schneider-electric modicon_m340_bmxp3420102 -
schneider-electric modicon_m340_bmxp3420102cl_firmware *
schneider-electric modicon_m340_bmxp3420102cl -
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_m340_bmxp342020h_firmware *
schneider-electric modicon_m340_bmxp342020h -
schneider-electric modicon_m340_bmxp342030_firmware *
schneider-electric modicon_m340_bmxp342030 -
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxp3420302 -
schneider-electric modicon_m340_bmxp3420302cl_firmware *
schneider-electric modicon_m340_bmxp3420302cl -
schneider-electric modicon_m340_bmxp3420302h_firmware *
schneider-electric modicon_m340_bmxp3420302h -
schneider-electric modicon_m340_bmxp342030h_firmware *
schneider-electric modicon_m340_bmxp342030h -
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m580_bmep581020h_firmware *
schneider-electric modicon_m580_bmep581020h -
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_m580_bmep582020h_firmware *
schneider-electric modicon_m580_bmep582020h -
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmep582040h_firmware *
schneider-electric modicon_m580_bmep582040h -
schneider-electric modicon_m580_bmep582040s_firmware *
schneider-electric modicon_m580_bmep582040s -
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmep584040s_firmware *
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_m580_bmep585040c_firmware *
schneider-electric modicon_m580_bmep585040c -
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_m580_bmep586040c_firmware *
schneider-electric modicon_m580_bmep586040c -
schneider-electric modicon_m580_bmeh582040_firmware *
schneider-electric modicon_m580_bmeh582040 -
schneider-electric modicon_m580_bmeh582040c_firmware *
schneider-electric modicon_m580_bmeh582040c -
schneider-electric modicon_m580_bmeh584040_firmware *
schneider-electric modicon_m580_bmeh584040 -
schneider-electric modicon_m580_bmeh582040s_firmware *
schneider-electric modicon_m580_bmeh582040s -
schneider-electric modicon_m580_bmeh584040c_firmware *
schneider-electric modicon_m580_bmeh584040c -
schneider-electric modicon_m580_bmeh584040s_firmware *
schneider-electric modicon_m580_bmeh584040s -
schneider-electric modicon_m580_bmeh586040_firmware *
schneider-electric modicon_m580_bmeh586040 -
schneider-electric modicon_m580_bmeh586040c_firmware *
schneider-electric modicon_m580_bmeh586040c -
schneider-electric modicon_m580_bmeh586040s_firmware *
schneider-electric modicon_m580_bmeh586040s -
schneider-electric modicon_mc80_bmkc8020301_firmware *
schneider-electric modicon_mc80_bmkc8020301 -
schneider-electric modicon_mc80_bmkc8020310_firmware *
schneider-electric modicon_mc80_bmkc8020310 -
schneider-electric modicon_mc80_bmkc8030311 *
schneider-electric modicon_mc80_bmkc8030311_firmware -
schneider-electric modicon_momentum_171cbu78090_firmware *
schneider-electric modicon_momentum_171cbu78090 -
schneider-electric modicon_momentum_171cbu98090_firmware *
schneider-electric modicon_momentum_171cbu98090 -
schneider-electric modicon_momentum_171cbu98091_firmware *
schneider-electric modicon_momentum_171cbu98091 -
schneider-electric ecostruxure_control_expert *
schneider-electric ecostruxure_process_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A41729-8AC9-44CE-8447-B9E243E4CA7E",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B721B3D-6ADC-4CDE-BA59-5D39F7D0D624",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "69222495-4F18-434E-B86C-F63C5A2C1242",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "189E442E-73FA-44B4-9E4F-6167FD095D39",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDD51E43-1E3C-4694-A540-9CD5547EC60C",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "833B2455-5D39-4457-9D6F-0CD738A2EB02",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD1BAE8E-B799-4BA1-8860-AA89F72DBCA3",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB57B387-58F4-4D44-883D-82C29F06F300",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D30336F0-EDCF-486C-B52E-D0C53BCDFC65",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF3FF83D-6638-4627-B076-14431E931CDB",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CB38392-4EF2-435B-BAD2-6EF089381716",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4157F72-10ED-47A0-A90C-39D436302B66",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CFFD7F-F459-476C-A984-70D5799D1772",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABC7DD20-F35D-4329-A4C5-27C67611D9F0",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32091F91-9397-4506-8801-C68B9E8B60F0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D81366E4-B0BC-4B93-BC15-4909C6A87F32",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A08E506E-E508-43B2-B332-45951F7FC848",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF9608E7-C9B5-4945-9609-690231DB1B5A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "612BA6AF-0738-41BA-B67A-320998CC7DEC",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C5DDF76-4C99-4FCE-BDB1-DC5FE70D284D",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9E86F93-D4A5-41A9-9F4E-2A455D457964",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A551102F-6847-41FB-96A3-B7E412CC14A3",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4F458E-82AB-4AA2-AA98-AF30DA05C094",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24838031-54D3-4B4B-8CCC-D0F3B6B09589",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4094AD89-46E1-426A-8A08-9F56278737DE",
              "versionEndExcluding": "4.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F63C5C5-38D7-4FED-81F9-FCF5626A6EBC",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26448C55-91E4-4B50-94DF-B4C874B267AF",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28531D13-A985-49F5-9D6E-1125A764F0EF",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02F14360-9D1F-4EBC-8C87-E0BC1681124D",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8BD25F9-6EDF-4554-AA5E-5CD0C56CFC91",
              "versionEndExcluding": "4.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF13A654-6195-45A6-BBAB-551F89B2BB36",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "113A6513-8BA8-46AB-859D-FFC55C3D0623",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B7C1A1A-3A6E-4095-AD00-395B5CF59B70",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B81D21C-8B25-4710-84D4-E31A4D60DBEF",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62FEA1D5-8094-4C6F-AE53-A8076D17F833",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "81423EAF-9BC2-4254-B7CD-A2E5B93DD7CF",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F411C917-26D8-4A3C-9AF8-998E1DBE9611",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0B94C1-1322-49AD-9C87-278A3C517A9E",
              "versionEndExcluding": "4.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BF0234E-17EE-40CE-AEA3-C46C8B73FE9F",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D28B19E1-2017-49E4-BA7F-7175E97CAD7F",
              "versionEndExcluding": "4.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D5ACCA5-1AC6-4B41-909B-43B86808D405",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "274EC4AF-32F7-44DB-9141-4E458A25E4E3",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A834E56-260F-4EF3-8325-903E2C7880F5",
              "versionEndExcluding": "4.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8020301_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9809A056-81A7-466C-ACB0-2F61308D54C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B3CEFA-BCF8-4305-B81A-980AA1352515",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8020310_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "503BDD25-2072-4A09-A1C2-AFD977F95B54",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C1A9EE4-9564-45F6-8CF8-1A820E469B41",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AADC7E9-F019-48FD-8E9F-296C32A10AAD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_bmkc8030311_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2DF7857-E543-46E4-AFC3-585BEA9E5B21",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_171cbu78090_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFEF1F75-74C7-4AC4-9FDF-0522A1D153A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B765DF6-1D0A-4191-9AD7-250A7EB691BF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_171cbu98090_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D0B0EE-34E9-4D58-B739-4F71FD2E9452",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67152082-E085-4111-98BA-6E9EF14ADB91",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_171cbu98091_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD0FCEBC-040D-4DB9-AF62-6A736829294F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD68FC34-691B-406E-A59D-2596215AE314",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FF68269-FEB0-41F0-9127-965AA4ADCC91",
              "versionEndExcluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8022AED-42C4-42F5-A30A-45F157D71CA9",
              "versionEndExcluding": "2023",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nCWE-924: Improper Enforcement of Message Integrity During Transmission in a\nCommunication Channel vulnerability exists that could cause a denial of service and loss of\nconfidentiality, integrity of controllers when conducting a Man in the Middle attack.\n\n"
    },
    {
      "lang": "es",
      "value": "CWE-924: Existe una vulnerabilidad en la aplicaci\u00f3n inadecuada de la integridad de los mensajes durante la transmisi\u00f3n en un canal de comunicaci\u00f3n que podr\u00eda causar una denegaci\u00f3n de servicio y p\u00e9rdida de confidencialidad e integridad de los controladores al realizar un ataque Man in the Middle."
    }
  ],
  "id": "CVE-2023-6408",
  "lastModified": "2025-01-23T19:39:42.010",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-14T17:15:11.057",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-924"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 04:47
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium.
References
cybersecurity@se.comhttp://www.securityfocus.com/bid/109004Broken Link
cybersecurity@se.comhttps://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/109004Broken Link
af854a3a-2127-422b-91ae-364da2661108https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric modicon_m340_firmware *
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m340_bmxp341000h -
schneider-electric modicon_m340_bmxp342000 -
schneider-electric modicon_m340_bmxp3420102 -
schneider-electric modicon_m340_bmxp3420102cl -
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_m340_bmxp342020h -
schneider-electric modicon_m340_bmxp3420302 -
schneider-electric modicon_m340_bmxp3420302cl -
schneider-electric modicon_m340_bmxp3420302h -
schneider-electric modicon_m580_firmware *
schneider-electric bmeh582040 -
schneider-electric bmeh582040c -
schneider-electric bmeh584040 -
schneider-electric bmeh584040c -
schneider-electric bmeh586040 -
schneider-electric bmeh586040c -
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m580_bmep581020h -
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_m580_bmep582020h -
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmep582040h -
schneider-electric modicon_m580_bmep582040s -
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_m580_bmep585040c -
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_m580_bmep586040c -
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_quantum -
schneider-electric modicon_premium_firmware *
schneider-electric modicon_premium -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "606AFE88-8C9A-4D18-9209-1193B628669F",
              "versionEndExcluding": "3.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "69222495-4F18-434E-B86C-F63C5A2C1242",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D30336F0-EDCF-486C-B52E-D0C53BCDFC65",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32091F91-9397-4506-8801-C68B9E8B60F0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FDEB227-D50B-402C-9C11-E29F52BC10BB",
              "versionEndExcluding": "2.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6E5E62-BBA8-4370-A232-8E1196757C3E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh582040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C393EAE-D2A1-42BC-8CE8-2DCAC96EB769",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2A8BF9D-AFD1-4F19-A0DB-5EB6F343D890",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh584040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63D48211-A734-4F98-A4D5-569268335757",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D22DD5-677B-42E8-AE1F-11601D4BF110",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "79907FE7-B4B0-4732-9287-B7ED13115F6C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium."
    },
    {
      "lang": "es",
      "value": "Una CWE-754: Existe una vulnerabilidad de Comprobaci\u00f3n Inapropiada  para condiciones inusuales o excepcionales, que podr\u00eda generar una posible Denegaci\u00f3n de Servicio cuando se env\u00edan tramas Modbus espec\u00edficas hacia el controlador en los productos: Modicon M340 - versiones de firmware anteriores a la V3.01, Modicon M580 - versiones de firmware anteriores a V2.80, y todas las versiones de firmware de Modicon Quantum y Modicon Premium."
    }
  ],
  "id": "CVE-2019-6819",
  "lastModified": "2024-11-21T04:47:12.980",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-22T20:29:02.090",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/109004"
    },
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/109004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-12-11 01:15
Modified
2024-11-21 05:37
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
References
cybersecurity@se.comhttps://www.se.com/ww/en/download/document/SEVD-2020-343-08/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.se.com/ww/en/download/document/SEVD-2020-343-08/Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp342000 -
schneider-electric modicon_m340_bmxp3420102_firmware *
schneider-electric modicon_m340_bmxp3420102 -
schneider-electric modicon_m340_bmxp3420102cl_firmware *
schneider-electric modicon_m340_bmxp3420102cl -
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxp3420302 -
schneider-electric modicon_m340_bmxp3420302cl_firmware *
schneider-electric modicon_m340_bmxp3420302cl -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C2208FD-0126-4ECF-97DF-89998EE90A5F",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB772761-8859-4AA5-ACAC-4A5859FCE0A9",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0DB061-8B7F-4FEC-9275-6FFE045DCE81",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAA3B4D9-7F47-4813-9784-EB7BF53A32DE",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7D852A-18A3-4AB8-B6AD-4B9815950CC4",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4325AE79-6FDA-47A7-B3A6-C47C5C2C510D",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6149E270-E76E-4011-A488-2571499A6C76",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AF74D66-DEF7-4A05-A6FC-15645BA8B8AB",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A4810AB-2986-4152-9E48-488959A15361",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C440362A-7E0E-497C-B275-409E9B57D8A2",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6ACCC66-4075-4EE9-A6BA-01EF7529C568",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD031F4E-9F3C-4035-AFB8-B7442F1B2475",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C1D1498-1069-4080-8EB4-3BA6C0DC2CEA",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D30336F0-EDCF-486C-B52E-D0C53BCDFC65",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5481772-5E18-4985-A5E5-F7223B52A90B",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A83CF92-F35F-416F-B571-CA5600BF671F",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E506AD9-C302-4D41-B971-46DE19AF83FB",
              "versionEndExcluding": "3.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32091F91-9397-4506-8801-C68B9E8B60F0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
    },
    {
      "lang": "es",
      "value": "Una CWE-754: Se presenta una vulnerabilidad de Comprobaci\u00f3n Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026amp; Modicon Premium (consulte las notificaciones de seguridad para las versiones afectadas), que podr\u00eda causar una denegaci\u00f3n de servicio cuando una petici\u00f3n Read Physical Memory especialmente dise\u00f1ada a trav\u00e9s de Modbus es enviada hacia el controlador"
    }
  ],
  "id": "CVE-2020-7543",
  "lastModified": "2024-11-21T05:37:20.977",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-11T01:15:12.580",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-06 23:15
Modified
2024-11-21 04:47
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.
References
cybersecurity@se.comhttps://www.se.com/ww/en/download/document/SEVD-2019-344-02/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.se.com/ww/en/download/document/SEVD-2019-344-02/Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric ecostruxure_control_expert *
schneider-electric ecostruxure_control_expert 14.1
schneider-electric unity_pro *
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmeh584040_firmware *
schneider-electric modicon_m580_bmeh584040 -
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_m580_bmeh586040_firmware *
schneider-electric modicon_m580_bmeh586040 -
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_m580_bmeh582040_firmware *
schneider-electric modicon_m580_bmeh582040 -
schneider-electric modicon_m580_bmep584040s_firmware *
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmeh584040s_firmware *
schneider-electric modicon_m580_bmeh584040s -
schneider-electric modicon_m580_bmeh586040s_firmware *
schneider-electric modicon_m580_bmeh586040s -
schneider-electric modicon_m580_bmep582040s_firmware *
schneider-electric modicon_m580_bmep582040s -
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxp3420302 -
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp342000 -
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m340_bmxp3420102_firmware *
schneider-electric modicon_m340_bmxp3420102 -
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxp3420302 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10BD615A-F82C-4CCA-BB41-89F6EF5467F1",
              "versionEndExcluding": "14.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:14.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "D34F92F7-2058-43F0-BCF1-2925E12D29E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:unity_pro:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51476F6C-7515-4DD4-8D3D-5E86C1EEFC06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5449E755-4992-4000-BD4D-B4B8E2E3DD3F",
              "versionEndExcluding": "3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AA81375-45BC-4363-A983-927CF387A4A0",
              "versionEndExcluding": "3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37811A48-CDDE-4C7E-B255-596D51932BE8",
              "versionEndExcluding": "3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBA066DD-C0D5-413E-B858-DEA3B2E3B3B5",
              "versionEndExcluding": "3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB88DA1F-6526-4EEA-AFDE-F09B33903F48",
              "versionEndExcluding": "3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8769D3F1-4E16-40EC-A0D6-EFC5C7C6A483",
              "versionEndExcluding": "3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F42514A-3D4B-4E01-8A74-9CD2FD516002",
              "versionEndExcluding": "3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D3B6735-D709-43FD-8EA3-A09522584C10",
              "versionEndExcluding": "3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA007461-EE11-41F0-90C4-8A23E8FFED62",
              "versionEndExcluding": "3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D87361A5-1E59-48C1-8097-6B3D3538F4F2",
              "versionEndExcluding": "3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C4644B-E7D7-49D9-867D-35E58D13B4C7",
              "versionEndExcluding": "3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0C67FC1-8EA6-447C-9891-B5242783C614",
              "versionEndExcluding": "3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEB4D826-414C-4E89-BC13-33FA6FE1BE5A",
              "versionEndExcluding": "3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2B68D4E-EBE5-4E44-AA7E-F8D53F32D3C5",
              "versionEndExcluding": "3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7A39833-AA85-4003-99F9-9FC4DA98895E",
              "versionEndExcluding": "3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39597434-BDCF-4515-8EAE-7A392CAD3E13",
              "versionEndExcluding": "3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "86401BD9-9D3F-4626-A299-6AFD5A7C6A95",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16101586-1908-497E-84A2-BD204693317C",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC91F3A5-7032-45DD-8897-0A63FDD25550",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA9F5C74-1CF8-47E8-B3AB-2F87FCD25D28",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "486E0121-1C3B-4EDC-9D76-292648A96764",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "86401BD9-9D3F-4626-A299-6AFD5A7C6A95",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de Autorizaci\u00f3n Incorrecta en EcoStruxure Control Expert (todas las versiones anteriores a la 14.1 Hot Fix), Unity Pro (todas las versiones), Modicon M340 (todas las versiones anteriores a la V3.20) , y Modicon M580 (todas las versiones anteriores a la V3.10), que podr\u00eda causar un bypass del proceso de autenticaci\u00f3n entre EcoStruxure Control Expert y los controladores M340 y M580"
    }
  ],
  "id": "CVE-2019-6855",
  "lastModified": "2024-11-21T04:47:17.287",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-06T23:15:11.237",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-02/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-02/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-09-02 17:15
Modified
2024-11-21 05:50
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05Not Applicable
nvd@nist.govhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05Not Applicable
Impacted products
Vendor Product Version
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m340_bmxp342010 -
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_m340_bmxp342030 -
schneider-electric modicon_m580_bmeh582040 -
schneider-electric modicon_m580_bmeh582040c -
schneider-electric modicon_m580_bmeh582040s -
schneider-electric modicon_m580_bmeh584040 -
schneider-electric modicon_m580_bmeh584040c -
schneider-electric modicon_m580_bmeh584040s -
schneider-electric modicon_m580_bmeh586040 -
schneider-electric modicon_m580_bmeh586040c -
schneider-electric modicon_m580_bmeh586040s -
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m580_bmep581020h -
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_m580_bmep582020h -
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmep582040h -
schneider-electric modicon_m580_bmep582040s -
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_m580_bmep585040c -
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_m580_bmep586040c -
schneider-electric modicon_mc80_bmkc8020301 -
schneider-electric modicon_mc80_bmkc8020310 -
schneider-electric modicon_mc80_bmkc8030311 -
schneider-electric modicon_momentum_171cbu78090 -
schneider-electric modicon_momentum_171cbu98090 -
schneider-electric modicon_momentum_171cbu98091 -
schneider-electric modicon_premium_tsxp57_1634m -
schneider-electric modicon_premium_tsxp57_2634m -
schneider-electric modicon_premium_tsxp57_2834m -
schneider-electric modicon_premium_tsxp57_454m -
schneider-electric modicon_premium_tsxp57_4634m -
schneider-electric modicon_premium_tsxp57_554m -
schneider-electric modicon_premium_tsxp57_5634m -
schneider-electric modicon_premium_tsxp57_6634m -
schneider-electric modicon_quantum_140cpu65150 -
schneider-electric modicon_quantum_140cpu65150c -
schneider-electric modicon_quantum_140cpu65160 -
schneider-electric modicon_quantum_140cpu65160c -
schneider-electric plc_simulator_for_ecostruxure_control_expert -
schneider-electric plc_simulator_for_ecostruxure_process_expert -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "833B2455-5D39-4457-9D6F-0CD738A2EB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B3CEFA-BCF8-4305-B81A-980AA1352515",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C1A9EE4-9564-45F6-8CF8-1A820E469B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "026D5E27-E50D-4614-A3EB-C54150C85572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B765DF6-1D0A-4191-9AD7-250A7EB691BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67152082-E085-4111-98BA-6E9EF14ADB91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD68FC34-691B-406E-A59D-2596215AE314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_1634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB98E7F1-DD61-47F5-A6BB-18D75FDFAB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "39E46898-7206-45C1-9A93-729B5905EF38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2834m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97A89AF-103A-4D2A-9EAF-42CEC88A2BCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_454m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32B611B6-1138-40DF-848A-A4A10E1DB0F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_4634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF901CCB-1BC4-4EDA-A3D7-ED7523128EAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_554m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4479C318-EE74-4338-B172-EC13D4D62246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_5634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98A25B72-B3A9-4717-8AA9-B164226DF9D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_6634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "889E9E8B-688E-420E-9A99-AB64BA7ABCDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E3446A5-69F7-4270-93E2-CD5614970698",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FE0C5D-3132-48AD-92EB-B7C4277C1FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD3F1B7C-7972-463E-930E-F359A402DAF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC9D2D4D-558B-424E-AB04-429C83F06DB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_control_expert:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A63ECFF-261A-4C39-964E-CBC4B97147DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_process_expert:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B722F22-2CEB-426B-9615-DD3B73A671F4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."
    },
    {
      "lang": "es",
      "value": "UN CWE-125: Una vulnerabilidad de Lectura Fuera de L\u00edmites que podr\u00eda causar una Denegaci\u00f3n de Servicio en el controlador/simulador del PLC Modicon cuando se actualiza la aplicaci\u00f3n del controlador con un archivo de proyecto especialmente dise\u00f1ado se presenta en Modicon M580 CPU (n\u00fameros de pieza BMEP* y BMEH*, todas las versiones), CPU Modicon M340 (n\u00fameros de pieza BMXP34*, todas las versiones), Modicon MC80 (n\u00fameros de pieza BMKC80*, todas las versiones), CPU Modicon Momentum Ethernet (n\u00fameros de pieza 171CBU*, todas las versiones), PLC Simulator for EcoStruxure\u00aa Control Expert, incluyendo todas las versiones Unity Pro (antiguo nombre de EcoStruxure\u00aa Control Expert, todas las versiones), PLC Simulator for EcoStruxure\u00aa Process Expert incluyendo todas las versiones HDCS (antiguo nombre de EcoStruxure\u00aa Process Expert, todas las versiones), Modicon Quantum CPU (n\u00fameros de pieza 140CPU*, todas las versiones), Modicon Premium CPU (n\u00fameros de pieza TSXP5*, todas las versiones)"
    }
  ],
  "id": "CVE-2021-22790",
  "lastModified": "2024-11-21T05:50:40.513",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-02T17:15:08.237",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05"
    },
    {
      "source": "nvd@nist.gov",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}