Cyber Resilience

CVE-2021-22790

Medium · Updated

Published: 02 September 2021

Modified: 29 May 2026
KEV Added
Patch
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0044 (63.5th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-22790 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Schneider Electric Modicon M340 BMXP341000. Its CVSS base score is 6.5 (Medium).

Operationally, it ranks in the top 36.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure™ Control Expert, including all Unity Pro versions (former name of EcoStruxure™ Control Expert, all versions), PLC Simulator for EcoStruxure™ Process Expert including all HDCS versions (former name of EcoStruxure™ Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Version
schneider-electric | modicon m340 bmxp341000 | all versions
schneider-electric | modicon m340 bmxp342010 | all versions
schneider-electric | modicon m340 bmxp342020 | all versions
schneider-electric | modicon m340 bmxp342030 | all versions
schneider-electric | modicon m580 bmeh582040 | all versions
schneider-electric | modicon m580 bmeh582040c | all versions
schneider-electric | modicon m580 bmeh582040s | all versions
schneider-electric | modicon m580 bmeh584040 | all versions
schneider-electric | modicon m580 bmeh584040c | all versions
schneider-electric | modicon m580 bmeh584040s | all versions
+39 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References