CVE-2021-22786 Information

Description

A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34) (Versions prior to V3.30) Modicon M580 CPU (part numbers BMEP and BMEH) (Versions prior to SV3.20) Modicon MC80 (BMKC80) (Versions prior to V1.6) Modicon M580 CPU Safety (part numbers BMEP58S and BMEH58S) (All Versions) Modicon Momentum MDI (171CBU) (Versions prior to V2.3) Legacy Modicon Quantum (All Versions)

Reference

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification.pdf