Unknown
CVE-2021-22792
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2021-22792
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH, all versions), Modicon M340 CPU (part numbers BMXP34, all versions), Modicon MC80 (part numbers BMKC80, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU, all versions), Modicon Premium CPU (part numbers TSXP5, all versions).
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- modicon m340 bmxp341000 -,
- modicon m340 bmxp342010 -,
- modicon m340 bmxp342020 -,
- modicon m340 bmxp342030 -,
- modicon m580 bmeh582040 -,
- modicon m580 bmeh582040c -,
- modicon m580 bmeh582040s -,
- modicon m580 bmeh584040 -,
- modicon m580 bmeh584040c -,
- modicon m580 bmeh584040s -,
- modicon m580 bmeh586040 -,
- modicon m580 bmeh586040c -,
- modicon m580 bmeh586040s -,
- modicon m580 bmep581020 -,
- modicon m580 bmep581020h -,
- modicon m580 bmep582020 -,
- modicon m580 bmep582020h -,
- modicon m580 bmep582040 -,
- modicon m580 bmep582040h -,
- modicon m580 bmep582040s -,
- modicon m580 bmep583020 -,
- modicon m580 bmep583040 -,
- modicon m580 bmep584020 -,
- modicon m580 bmep584040 -,
- modicon m580 bmep584040s -,
- modicon m580 bmep585040 -,
- modicon m580 bmep585040c -,
- modicon m580 bmep586040 -,
- modicon m580 bmep586040c -,
- modicon mc80 bmkc8020301 -,
- modicon mc80 bmkc8020310 -,
- modicon mc80 bmkc8030311 -,
- modicon momentum 171cbu78090 -,
- modicon momentum 171cbu98090 -,
- modicon momentum 171cbu98091 -,
- modicon premium tsxp57 1634m -,
- modicon premium tsxp57 2634m -,
- modicon premium tsxp57 2834m -,
- modicon premium tsxp57 454m -,
- modicon premium tsxp57 4634m -,
- modicon premium tsxp57 554m -,
- modicon premium tsxp57 5634m -,
- modicon premium tsxp57 6634m -,
- modicon quantum 140cpu65150 -,
- modicon quantum 140cpu65150c -,
- modicon quantum 140cpu65160 -,
- modicon quantum 140cpu65160c -,
- plc simulator for ecostruxure control expert -,
- plc simulator for ecostruxure process expert -
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
