CRITICAL🇬🇧 English

CVE-2021-22779

CVSS 9.1v3.1pub. 2021-07-14upd. 2026-05-29

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Schneider Electric Ecostruxure Control Expert

    APP
    Schneider-Electric
    15.0< 15.0
  • Schneider Electric Ecostruxure Process Expert

    APP
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp341000

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp341000 Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp342010

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp342010 Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp342020

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp342020 Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp342030

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp342030 Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh582040

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh582040c

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh582040c Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh582040 Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh582040s

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh582040s Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh584040

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh584040c

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh584040c Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh584040 Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh584040s

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh584040s Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh586040

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh586040c

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh586040c Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh586040 Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh586040s

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmeh586040s Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmep581020

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Bmep581020 Firmware

    OS
    Schneider-Electric
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2022-37300CRITICAL9.8ten sam produkt

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unaut...

CVE-2022-26507CRITICAL9.8ten sam produkt

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted inp...

CVE-2020-7540CRITICAL9.8ten sam produkt

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340...

CVE-2020-7533CRITICAL9.8ten sam produkt

CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webse...

CVE-2020-28212CRITICAL9.8ten sam produkt

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on ...