CVE-2021-22749

Published: Jun 11, 2021Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module.

Affected (7)

Products: Schneider Electric: Modicon X80 Bmxnor0200h Rtu Firmware

Schneider Electric

1 product

Modicon X80 Bmxnor0200h Rtu Firmware

Configuration A

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon X80 Bmxnor0200h Rtu Firmware	Version sv1.6 ir4
Schneider Electric Modicon X80 Bmxnor0200h Rtu Firmware	Version sv1.7 ir10
Schneider Electric Modicon X80 Bmxnor0200h Rtu Firmware	Version sv1.7 ir15b
Schneider Electric Modicon X80 Bmxnor0200h Rtu Firmware	Version sv1.7 ir17
Schneider Electric Modicon X80 Bmxnor0200h Rtu Firmware	Version sv1.7 ir18
Schneider Electric Modicon X80 Bmxnor0200h Rtu Firmware	Version sv1.7 ir19
Schneider Electric Modicon X80 Bmxnor0200h Rtu Firmware	Version sv1.7 ir20

Running on/with	Platform Versions
Schneider Electric Modicon X80 Bmxnor0200h Rtu	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-05

Source: cybersecurity@se.com

Vendor Advisory

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-05

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.