Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-22749

Опубликовано: 11 июн. 2021
Источник: nvd
CVSS3: 5.3
CVSS2: 5
EPSS Низкий

Описание

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:schneider-electric:modicon_x80_bmxnor0200h_rtu_firmware:sv1.6:ir4:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:modicon_x80_bmxnor0200h_rtu_firmware:sv1.7:ir10:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:modicon_x80_bmxnor0200h_rtu_firmware:sv1.7:ir15b:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:modicon_x80_bmxnor0200h_rtu_firmware:sv1.7:ir17:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:modicon_x80_bmxnor0200h_rtu_firmware:sv1.7:ir18:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:modicon_x80_bmxnor0200h_rtu_firmware:sv1.7:ir19:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:modicon_x80_bmxnor0200h_rtu_firmware:sv1.7:ir20:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_x80_bmxnor0200h_rtu:-:*:*:*:*:*:*:*

EPSS

Процентиль: 57%
0.00356
Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

github логотип

GHSA-xmrj-wjpx-qx78

github
больше 3 лет назад

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module.

EPSS

Процентиль: 57%
0.00356
Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200