{"containers": {"cna": {"affected": [{"product": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)"}]}], "descriptions": [{"lang": "en", "value": "A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-02T16:52:39.000Z", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2021-22790", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)", "version": {"version_data": [{"version_value": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-125: Out-of-bounds Read"}]}]}, "references": {"reference_data": [{"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05", "refsource": "MISC", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:51:07.462Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-05-29T13:54:44.235690Z", "id": "CVE-2021-22790", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-29T13:57:18.105Z"}}]}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2021-22790", "datePublished": "2021-09-02T16:52:39.000Z", "dateReserved": "2021-01-06T00:00:00.000Z", "dateUpdated": "2026-05-29T13:57:18.105Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:51:07.462Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-22790", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-29T13:54:44.235690Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-29T13:54:38.765Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)", "versions": [{"status": "affected", "version": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)"}]}], "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2021-09-02T16:52:39.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)"}]}, "product_name": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05", "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-125: Out-of-bounds Read"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-22790", "STATE": "PUBLIC", "ASSIGNER": "cybersecurity@schneider-electric.com"}}}}, "cveMetadata": {"cveId": "CVE-2021-22790", "state": "PUBLISHED", "dateUpdated": "2026-05-29T13:57:18.105Z", "dateReserved": "2021-01-06T00:00:00.000Z", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "datePublished": "2021-09-02T16:52:39.000Z", "assignerShortName": "schneider"}, "dataVersion": "5.2"}

{"affected": [{"affectedData": [{"product": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)"}]}], "source": "cybersecurity@se.com"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*", "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*", "matchCriteriaId": "833B2455-5D39-4457-9D6F-0CD738A2EB02", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*", "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*", "matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*", "matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*", "matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*", "matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*", "matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*", "matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*", "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*", "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*", "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*", "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*", "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*", "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*", "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*", "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*", "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:*:*:*:*:*:*:*", "matchCriteriaId": "62B3CEFA-BCF8-4305-B81A-980AA1352515", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C1A9EE4-9564-45F6-8CF8-1A820E469B41", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:-:*:*:*:*:*:*:*", "matchCriteriaId": "026D5E27-E50D-4614-A3EB-C54150C85572", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B765DF6-1D0A-4191-9AD7-250A7EB691BF", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:*:*:*:*:*:*:*", "matchCriteriaId": "67152082-E085-4111-98BA-6E9EF14ADB91", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD68FC34-691B-406E-A59D-2596215AE314", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_1634m:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB98E7F1-DD61-47F5-A6BB-18D75FDFAB70", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2634m:-:*:*:*:*:*:*:*", "matchCriteriaId": "39E46898-7206-45C1-9A93-729B5905EF38", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2834m:-:*:*:*:*:*:*:*", "matchCriteriaId": "C97A89AF-103A-4D2A-9EAF-42CEC88A2BCA", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_454m:-:*:*:*:*:*:*:*", "matchCriteriaId": "32B611B6-1138-40DF-848A-A4A10E1DB0F2", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_4634m:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF901CCB-1BC4-4EDA-A3D7-ED7523128EAA", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_554m:-:*:*:*:*:*:*:*", "matchCriteriaId": "4479C318-EE74-4338-B172-EC13D4D62246", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_5634m:-:*:*:*:*:*:*:*", "matchCriteriaId": "98A25B72-B3A9-4717-8AA9-B164226DF9D9", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_6634m:-:*:*:*:*:*:*:*", "matchCriteriaId": "889E9E8B-688E-420E-9A99-AB64BA7ABCDC", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E3446A5-69F7-4270-93E2-CD5614970698", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:*:*:*:*:*:*:*", "matchCriteriaId": "08FE0C5D-3132-48AD-92EB-B7C4277C1FAA", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD3F1B7C-7972-463E-930E-F359A402DAF5", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC9D2D4D-558B-424E-AB04-429C83F06DB7", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_control_expert:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A63ECFF-261A-4C39-964E-CBC4B97147DC", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_process_expert:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B722F22-2CEB-426B-9615-DD3B73A671F4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."}, {"lang": "es", "value": "UN CWE-125: Una vulnerabilidad de Lectura Fuera de L\u00edmites que podr\u00eda causar una Denegaci\u00f3n de Servicio en el controlador/simulador del PLC Modicon cuando se actualiza la aplicaci\u00f3n del controlador con un archivo de proyecto especialmente dise\u00f1ado se presenta en Modicon M580 CPU (n\u00fameros de pieza BMEP* y BMEH*, todas las versiones), CPU Modicon M340 (n\u00fameros de pieza BMXP34*, todas las versiones), Modicon MC80 (n\u00fameros de pieza BMKC80*, todas las versiones), CPU Modicon Momentum Ethernet (n\u00fameros de pieza 171CBU*, todas las versiones), PLC Simulator for EcoStruxure\u00aa Control Expert, incluyendo todas las versiones Unity Pro (antiguo nombre de EcoStruxure\u00aa Control Expert, todas las versiones), PLC Simulator for EcoStruxure\u00aa Process Expert incluyendo todas las versiones HDCS (antiguo nombre de EcoStruxure\u00aa Process Expert, todas las versiones), Modicon Quantum CPU (n\u00fameros de pieza 140CPU*, todas las versiones), Modicon Premium CPU (n\u00fameros de pieza TSXP5*, todas las versiones)"}], "id": "CVE-2021-22790", "lastModified": "2026-06-17T03:37:47.233", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2021-22790", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2026-05-29T13:54:44.235690Z", "version": "2.0.3"}}]}, "published": "2021-09-02T17:15:08.237", "references": [{"source": "cybersecurity@se.com", "tags": ["Not Applicable"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05"}, {"source": "nvd@nist.gov", "tags": ["Patch", "Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "cybersecurity@se.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}