Vulnerabilities > CVE-2021-22747 - Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products

CVSS 3.9 - LOW

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

low complexity

schneider-electric

CWE-754

NVD

Published: 2021-05-26

Updated: 2021-06-07

Summary

Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22745, and CVE-2021-22746.

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Triconex Model 3009 MP Firmware 11.3.0 Schneider Electric Triconex Model 3009 MP Firmware 11.4.0 Schneider Electric Triconex Model 3009 MP Firmware 11.5.0 Schneider Electric Triconex Model 3009 MP Firmware 11.7.0 Schneider Electric TCM 4351B Firmware 11.3.0 Schneider Electric TCM 4351B Firmware 11.4.0 Schneider Electric TCM 4351B Firmware 11.5.0 Schneider Electric TCM 4351B Firmware 11.7.0	8
Hardware	Schneider-Electric Schneider Electric Triconex Model 3009 MP - Schneider Electric TCM 4351B -	2

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-03