ICSA-21-194-02 · Published 2021-07-27 · View on CISA ICS-CERT ↗

Schneider Electric Modicon Controllers and Software (Update A)

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities may allow arbitrary code execution and loss of confidentiality and integrity of the project file.

CVE-2021-22778 CVE-2021-22779 CVE-2020-12525 CVE-2021-22780 CVE-2021-22781 CVE-2021-22782

Schneider Electric provides detailed mitigation information for each of the affected products in their own advisory, for more information about these issues, please refer to the original Schneider Electric publication SEVD-2021-194-01.

Schneider Electric Software, LLC

Schneider Electric Software, LLC · EcoStruxure Process Expert vers:all/*

Schneider Electric Software, LLC · EcoStruxure Control Expert 15.0 SP1

Schneider Electric Software, LLC · Modicon M340 CPU (part numbers BMXP34*) vers:all/*

Schneider Electric Software, LLC · Modicon M580 CPU (part numbers BMEP* and BMEH*) vers:all/*

Schneider Electric Software, LLC · SCADAPack RemoteConnect for x70 vers:all/*

Schneider Electric Software, LLC · EcoStruxure Control Expert < 15.0 SP1

Commercial Facilities, Energy, Food and Agriculture, Government Facilities, Transportation Systems, Water and Wastewater Systems

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.