CVE-2021-22816

Published: Jan 28, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and the RTU is configured as a Modbus server. Affected Products: SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E and 357E RTUs with firmware V8.18.1 and prior

Affected (9)

Products: Schneider Electric: Scadapack 312e Firmware, Scadapack 313e Firmware, Scadapack 314e Firmware, Scadapack 330e Firmware, Scadapack 333e Firmware, Scadapack 334e Firmware, Scadapack 337e Firmware, Scadapack 350e Firmware, Scadapack 357e Firmware

Schneider Electric

9 products

Scadapack 312e Firmware

Scadapack 313e Firmware

Scadapack 314e Firmware

Scadapack 330e Firmware

Scadapack 333e Firmware

Scadapack 334e Firmware

Scadapack 337e Firmware

Scadapack 350e Firmware

Scadapack 357e Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Scadapack 312e Firmware	Before 8.19.1

Running on/with	Platform Versions
Schneider Electric Scadapack 312e	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Scadapack 313e Firmware	Before 8.19.1

Running on/with	Platform Versions
Schneider Electric Scadapack 313e	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Scadapack 314e Firmware	Before 8.19.1

Running on/with	Platform Versions
Schneider Electric Scadapack 314e	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Scadapack 330e Firmware	Before 8.19.1

Running on/with	Platform Versions
Schneider Electric Scadapack 330e	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Scadapack 333e Firmware	Before 8.19.1

Running on/with	Platform Versions
Schneider Electric Scadapack 333e	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Scadapack 334e Firmware	Before 8.19.1

Running on/with	Platform Versions
Schneider Electric Scadapack 334e	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Scadapack 337e Firmware	Before 8.19.1

Running on/with	Platform Versions
Schneider Electric Scadapack 337e	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Scadapack 350e Firmware	Before 8.19.1

Running on/with	Platform Versions
Schneider Electric Scadapack 350e	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Scadapack 357e Firmware	Before 8.19.1

Running on/with	Platform Versions
Schneider Electric Scadapack 357e	All versions

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-01

Source: cybersecurity@se.com

Vendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.