CVE-2021-22785

high

Published 2022-02-11 · Modified 2026-05-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4 NEW

—

not yet in upstream

VIR risk

7.5

Description

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)

Predictions

Exploit likelihood

83%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact

Vendor	Product	Versions
schneider-electric	tsxp575634	`-`
schneider-electric	140cpu65150	`-`
schneider-electric	140noe771x1	`-`
schneider-electric	140noc78x00	`-`
schneider-electric	140noc77101	`-`
schneider-electric	tsxety4103	`-`
schneider-electric	tsxety5103	`-`
schneider-electric	modicon_m340_bmxp342020	`-`
schneider-electric	tsxp576634	`-`
schneider-electric	bmxnoe0100	`-`
schneider-electric	bmxnoe0110	`-`
schneider-electric	bmxnoc0401	`-`
schneider-electric	bmxnor0200h_rtu	`-`
schneider-electric	tsxp574634	`-`

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02

CWEs

CWE-200

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.