CVE-2021-22769

Опубликовано: 11 июн. 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted.

Ссылки

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02
Vendor Advisory
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:*

Версия до 2.7.1 (включая)

cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00226

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-552

Связанные уязвимости

GHSA-979h-w3gc-xrmq

github

больше 3 лет назад

A CWE-269: Improper Privilege Management vulnerability exists in EnerlinÕX ComÕX versions prior to V6.8.4 that could cause disclosure of device configuration information to any authenticated user when a specially crafted request is sent to the device.