How severe is CVE-2021-22788?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-22788?

This is classified as CWE-787, which is a common weakness in software security.

CVE-2021-22788 - HIGH Severity | CVSS 7.5

Vulnerability Description

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)

Related Vulnerabilities

CVE-2006-20001

HIGH

CVSS:7.5(High)

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. Th...

CWE-7872006

CVE-2013-5659

HIGH

CVSS:7.5(High)

Wiz 5.0.3 has a user mode write access violation

CWE-7872013

CVE-2015-8619

HIGH

CVSS:7.5(High)

The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).

CWE-7872015

CVE-2015-9542

HIGH

CVSS:7.5(High)

add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could s...

CWE-7872015

CVE-2016-0189

HIGH

CVSS:7.5(High)

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of ...

CWE-7872016

CVE-2016-10196

HIGH

CVSS:7.5(High)

Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involvin...

CWE-7872016