CVE-2021-22785

HIGH

7.5

CVSS Severity Score

EPSS Score0.1300%

EPSS Percentile35.69th

Published2022年2月11日

Last Modified2026年5月29日

Vulnerability Description

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)

All versions

References & Advisories

🔗 https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02

Vulnerability Description

Affected Platforms (CPE)

Modicon M340 Bmxp342020 Firmware

Bmxnoe0100 Firmware

Bmxnoe0110 Firmware

Bmxnoc0401 Firmware

Bmxnor0200h Rtu Firmware

Tsxp574634 Firmware

Tsxp575634 Firmware

Tsxp576634 Firmware

140cpu65150 Firmware

140noe771x1 Firmware

140noc78x00 Firmware

140noc77101 Firmware

Tsxety4103 Firmware

Tsxety5103 Firmware

References & Advisories

関連する脆弱性情報