VDB
CVE-2021-22749
CVE-2021-22749
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module.
EPSS 0.26% · 49.8th percentile
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.26%
49.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| schneider-electric | modicon_x80_bmxnor0200h_rtu_firmware | *, sv1.6, sv1.7 |
| n/a | Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior | Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior |
Exploit Intelligence
Timeline
- Jun 9, 2021 CVE Published
- Jun 12, 2021 EPSS Score
- Aug 13, 2021 EPSS Score
- Oct 12, 2021 EPSS Score
- Dec 12, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 11, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 13, 2022 EPSS Score
- Jun 12, 2022 EPSS Score
- Aug 13, 2022 EPSS Score
- Oct 13, 2022 EPSS Score
References
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-05 url
- https://nvd.nist.gov/vuln/detail/CVE-2021-22749 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-05 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-06 advisory