5.3
CVE-2021-22749
- EPSS 0.36%
- Published 11.06.2021 16:15:09
- Last modified 21.11.2024 05:50:35
- Source cybersecurity@se.com
- Teams watchlist Login
- Open Login
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module.
Data is provided by the National Vulnerability Database (NVD)
Schneider-electric ≫ Modicon X80 Bmxnor0200h Rtu Firmware Versionsv1.6 Updateir4
Schneider-electric ≫ Modicon X80 Bmxnor0200h Rtu Firmware Versionsv1.7 Updateir10
Schneider-electric ≫ Modicon X80 Bmxnor0200h Rtu Firmware Versionsv1.7 Updateir15b
Schneider-electric ≫ Modicon X80 Bmxnor0200h Rtu Firmware Versionsv1.7 Updateir17
Schneider-electric ≫ Modicon X80 Bmxnor0200h Rtu Firmware Versionsv1.7 Updateir18
Schneider-electric ≫ Modicon X80 Bmxnor0200h Rtu Firmware Versionsv1.7 Updateir19
Schneider-electric ≫ Modicon X80 Bmxnor0200h Rtu Firmware Versionsv1.7 Updateir20
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.549 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.