Schneider Electric Modicon Out-of-bounds Read (CVE-2021-22790)

medium Tenable OT Security Plugin ID 500599

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure Control Expert, including all Unity Pro versions (former name of EcoStruxure Control Expert, all versions), PLC Simulator for EcoStruxure Process Expert including all HDCS versions (former name of EcoStruxure Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.nessus.org/u?37b129fa

http://www.nessus.org/u?e12d2350

Plugin Details

Severity: Medium

ID: 500599

Version: 1.6

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 11/20/2023

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS Score Source: CVE-2021-22790

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:schneider-electric:modicon_m340_bmxp341000:-, cpe:/h:schneider-electric:modicon_m340_bmxp342010:-, cpe:/h:schneider-electric:modicon_m340_bmxp342020:-, cpe:/h:schneider-electric:modicon_m340_bmxp342030:-, cpe:/h:schneider-electric:modicon_m580_bmeh582040:-, cpe:/h:schneider-electric:modicon_m580_bmeh582040c:-, cpe:/h:schneider-electric:modicon_m580_bmeh582040s:-, cpe:/h:schneider-electric:modicon_m580_bmeh584040:-, cpe:/h:schneider-electric:modicon_m580_bmeh584040c:-, cpe:/h:schneider-electric:modicon_m580_bmeh584040s:-, cpe:/h:schneider-electric:modicon_m580_bmeh586040:-, cpe:/h:schneider-electric:modicon_m580_bmeh586040c:-, cpe:/h:schneider-electric:modicon_m580_bmeh586040s:-, cpe:/h:schneider-electric:modicon_m580_bmep581020:-, cpe:/h:schneider-electric:modicon_m580_bmep581020h:-, cpe:/h:schneider-electric:modicon_m580_bmep582020:-, cpe:/h:schneider-electric:modicon_m580_bmep582020h:-, cpe:/h:schneider-electric:modicon_m580_bmep582040:-, cpe:/h:schneider-electric:modicon_m580_bmep582040h:-, cpe:/h:schneider-electric:modicon_m580_bmep582040s:-, cpe:/h:schneider-electric:modicon_m580_bmep583020:-, cpe:/h:schneider-electric:modicon_m580_bmep583040:-, cpe:/h:schneider-electric:modicon_m580_bmep584020:-, cpe:/h:schneider-electric:modicon_m580_bmep584040:-, cpe:/h:schneider-electric:modicon_m580_bmep584040s:-, cpe:/h:schneider-electric:modicon_m580_bmep585040:-, cpe:/h:schneider-electric:modicon_m580_bmep585040c:-, cpe:/h:schneider-electric:modicon_m580_bmep586040:-, cpe:/h:schneider-electric:modicon_m580_bmep586040c:-, cpe:/h:schneider-electric:modicon_momentum_171cbu78090:-, cpe:/h:schneider-electric:modicon_momentum_171cbu98090:-, cpe:/h:schneider-electric:modicon_momentum_171cbu98091:-, cpe:/h:schneider-electric:modicon_premium_tsxp57_1634m:-, cpe:/h:schneider-electric:modicon_premium_tsxp57_2634m:-, cpe:/h:schneider-electric:modicon_premium_tsxp57_2834m:-, cpe:/h:schneider-electric:modicon_premium_tsxp57_454m:-, cpe:/h:schneider-electric:modicon_premium_tsxp57_4634m:-, cpe:/h:schneider-electric:modicon_premium_tsxp57_554m:-, cpe:/h:schneider-electric:modicon_premium_tsxp57_5634m:-, cpe:/h:schneider-electric:modicon_premium_tsxp57_6634m:-, cpe:/h:schneider-electric:modicon_quantum_140cpu65150:-, cpe:/h:schneider-electric:modicon_quantum_140cpu65150c:-, cpe:/h:schneider-electric:modicon_quantum_140cpu65160:-, cpe:/h:schneider-electric:modicon_quantum_140cpu65160c:-, cpe:/h:schneider-electric:plc_simulator_for_ecostruxure_control_expert:-, cpe:/h:schneider-electric:plc_simulator_for_ecostruxure_process_expert:-

Required KB Items: Tenable.ot/Schneider

Exploit Ease: No known exploits are available

Patch Publication Date: 9/2/2021

Vulnerability Publication Date: 9/2/2021

Reference Information

CVE: CVE-2021-22790

CWE: 125