CVE-2021-22816

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and the RTU is configured as a Modbus server. Affected Products: SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E and 357E RTUs with firmware V8.18.1 and prior
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
schneiderCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
schneider-electricscadapack_312e_firmware
𝑥
< 8.19.1
schneider-electricscadapack_313e_firmware
𝑥
< 8.19.1
schneider-electricscadapack_314e_firmware
𝑥
< 8.19.1
schneider-electricscadapack_330e_firmware
𝑥
< 8.19.1
schneider-electricscadapack_333e_firmware
𝑥
< 8.19.1
schneider-electricscadapack_334e_firmware
𝑥
< 8.19.1
schneider-electricscadapack_337e_firmware
𝑥
< 8.19.1
schneider-electricscadapack_350e_firmware
𝑥
< 8.19.1
schneider-electricscadapack_357e_firmware
𝑥
< 8.19.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-01
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-01