VIR Vulnerability Intelligence Relay

CVE-2021-22791

medium
Published 2021-09-02 · Modified 2026-05-29
💬 Discuss on Community ✚ Propose mitigation
CVSS v3
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS v4 NEW
not yet in upstream
VIR risk
6.5

Description

A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

Predictions

Exploit likelihood
75%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact
VendorProductVersionsFixed
schneider-electricmodicon_m340_bmxp341000-
schneider-electricmodicon_m340_bmxp342010-
schneider-electricmodicon_m340_bmxp342020-
schneider-electricmodicon_m340_bmxp342030-
schneider-electricmodicon_m580_bmeh582040-
schneider-electricmodicon_m580_bmeh582040c-
schneider-electricmodicon_m580_bmeh582040s-
schneider-electricmodicon_m580_bmeh584040-
schneider-electricmodicon_m580_bmeh584040c-
schneider-electricmodicon_m580_bmeh584040s-
schneider-electricmodicon_m580_bmeh586040-
schneider-electricmodicon_m580_bmeh586040c-
schneider-electricmodicon_m580_bmeh586040s-
schneider-electricmodicon_m580_bmep581020-
schneider-electricmodicon_m580_bmep581020h-
schneider-electricmodicon_m580_bmep582020-
schneider-electricmodicon_m580_bmep582020h-
schneider-electricmodicon_m580_bmep582040-
schneider-electricmodicon_m580_bmep582040h-
schneider-electricmodicon_m580_bmep582040s-
schneider-electricmodicon_m580_bmep583020-
schneider-electricmodicon_m580_bmep583040-
schneider-electricmodicon_m580_bmep584020-
schneider-electricmodicon_m580_bmep584040-
schneider-electricmodicon_m580_bmep584040s-
schneider-electricmodicon_m580_bmep585040-
schneider-electricmodicon_m580_bmep585040c-
schneider-electricmodicon_m580_bmep586040-
schneider-electricmodicon_m580_bmep586040c-
schneider-electricmodicon_mc80_bmkc8020301-
schneider-electricmodicon_mc80_bmkc8020310-
schneider-electricmodicon_mc80_bmkc8030311-
schneider-electricmodicon_momentum_171cbu78090-
schneider-electricmodicon_momentum_171cbu98090-
schneider-electricmodicon_momentum_171cbu98091-
schneider-electricmodicon_premium_tsxp57_1634m-
schneider-electricmodicon_premium_tsxp57_2634m-
schneider-electricmodicon_premium_tsxp57_2834m-
schneider-electricmodicon_premium_tsxp57_454m-
schneider-electricmodicon_premium_tsxp57_4634m-
schneider-electricmodicon_premium_tsxp57_554m-
schneider-electricmodicon_premium_tsxp57_5634m-
schneider-electricmodicon_premium_tsxp57_6634m-
schneider-electricmodicon_quantum_140cpu65150-
schneider-electricmodicon_quantum_140cpu65150c-
schneider-electricmodicon_quantum_140cpu65160-
schneider-electricmodicon_quantum_140cpu65160c-
schneider-electricplc_simulator_for_ecostruxure_control_expert-
schneider-electricplc_simulator_for_ecostruxure_process_expert-

References

CWEs

CWE-787

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.