Details of VAR-202109-0204

ID

VAR-202109-0204

CVE

CVE-2021-22792

TITLE

plural Schneider Electric In the product NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-011449

DESCRIPTION

A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions). plural Schneider Electric The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-22792 // JVNDB: JVNDB-2021-011449 // VULMON: CVE-2021-22792

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modicon m580 bmeh584040s	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh582040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep581020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 454m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh586040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep582020h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh584040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon mc80 bmkc8030311	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep585040c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep582040h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep584040s	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 2634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep582020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh584040c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh586040c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep586040c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon quantum 140cpu65150c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep584040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 1634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 554m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon momentum 171cbu78090	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342030	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep585040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh582040c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon quantum 140cpu65160	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh582040s	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	plc simulator for ecostruxure process expert	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342010	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon momentum 171cbu98090	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon mc80 bmkc8020301	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon momentum 171cbu98091	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 2834m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 4634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp341000	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep582040s	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep582040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep584020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon quantum 140cpu65150	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep581020h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep583040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	plc simulator for ecostruxure control expert	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 5634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon quantum 140cpu65160c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon mc80 bmkc8020310	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon premium tsxp57 6634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep586040	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmep583020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmeh586040s	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342010	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m580 bmeh584040	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m580 bmeh582040c	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m580 bmeh584040c	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m580 bmeh584040s	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m580 bmeh582040s	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m340 bmxp342030	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m340 bmxp342020	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m340 bmxp341000	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m580 bmeh582040	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-011449 // NVD: CVE-2021-22792

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22792
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-22792
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202109-129
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-22792
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22792
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-22792
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22792
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-22792 // JVNDB: JVNDB-2021-011449 // CNNVD: CNNVD-202109-129 // NVD: CVE-2021-22792

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.0
problemtype:	NULL Pointer dereference (CWE-476) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-011449 // NVD: CVE-2021-22792

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-129

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202109-129

PATCH

title:	SEVD-2021-222-04	url:	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04	Trust: 0.8
title:	Schneider Electric Modicon M580 CPU Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161395	Trust: 0.6

sources: JVNDB: JVNDB-2021-011449 // CNNVD: CNNVD-202109-129

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22792	Trust: 3.3
db:	SCHNEIDER	id:	SEVD-2021-222-04	Trust: 1.7
db:	SCHNEIDER	id:	SEVD-2021-222-07	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-011449	Trust: 0.8
db:	CNNVD	id:	CNNVD-202109-129	Trust: 0.6
db:	VULMON	id:	CVE-2021-22792	Trust: 0.1

sources: VULMON: CVE-2021-22792 // JVNDB: JVNDB-2021-011449 // CNNVD: CNNVD-202109-129 // NVD: CVE-2021-22792

REFERENCES

url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-222-07	Trust: 1.7
url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-222-04	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22792	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/476.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-22792 // JVNDB: JVNDB-2021-011449 // CNNVD: CNNVD-202109-129 // NVD: CVE-2021-22792

SOURCES

db:	VULMON	id:	CVE-2021-22792
db:	JVNDB	id:	JVNDB-2021-011449
db:	CNNVD	id:	CNNVD-202109-129
db:	NVD	id:	CVE-2021-22792

LAST UPDATE DATE

2024-08-14T14:31:38.508000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-22792	date:	2021-09-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-011449	date:	2022-07-29T07:29:00
db:	CNNVD	id:	CNNVD-202109-129	date:	2021-09-14T00:00:00
db:	NVD	id:	CVE-2021-22792	date:	2021-09-13T18:14:53.380

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-22792	date:	2021-09-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-011449	date:	2022-07-29T00:00:00
db:	CNNVD	id:	CNNVD-202109-129	date:	2021-09-02T00:00:00
db:	NVD	id:	CVE-2021-22792	date:	2021-09-02T17:15:08.343