cvelistv5 - cve-2021-22770

CVE-2021-22770 (GCVE-0-2021-22770)

Vulnerability from cvelistv5 – Published: 2021-07-21 10:40 – Updated: 2024-08-03 18:51

Summary

Severity ?

No CVSS data available.

CWE

CWE-200 - Information Exposure

Assigner

schneider

References

URL

Tags

http://download.schneider-electric.com/files?p_Do…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Easergy T300 with firmware V2.7.1 and older	Affected: Easergy T300 with firmware V2.7.1 and older

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Easergy T300 with firmware V2.7.1 and older",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Easergy T300 with firmware V2.7.1 and older"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-21T10:40:12",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2021-22770",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Easergy T300 with firmware V2.7.1 and older",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Easergy T300 with firmware V2.7.1 and older"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200: Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02",
              "refsource": "MISC",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2021-22770",
    "datePublished": "2021-07-21T10:40:12",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-03T18:51:07.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.7.1\", \"matchCriteriaId\": \"E07AFED6-47CC-4A19-80DB-C537F4F07736\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45E6C3FA-001D-449A-A512-327FA0C9AC5A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information.\"}, {\"lang\": \"es\", \"value\": \"A CWE-200: Se presenta una vulnerabilidad de Exposici\\u00f3n de Informaci\\u00f3n en Easergy T300 con versiones de firmware V2.7.1 y anteriores, que expone informaci\\u00f3n confidencial a un actor no autorizado expl\\u00edcitamente tener acceso a dicha informaci\\u00f3n\"}]",
      "id": "CVE-2021-22770",
      "lastModified": "2024-11-21T05:50:38.013",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-07-21T15:15:14.977",
      "references": "[{\"url\": \"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02\", \"source\": \"cybersecurity@se.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cybersecurity@se.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cybersecurity@se.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-22770\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2021-07-21T15:15:14.977\",\"lastModified\":\"2024-11-21T05:50:38.013\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information.\"},{\"lang\":\"es\",\"value\":\"A CWE-200: Se presenta una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en Easergy T300 con versiones de firmware V2.7.1 y anteriores, que expone informaci\u00f3n confidencial a un actor no autorizado expl\u00edcitamente tener acceso a dicha informaci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.7.1\",\"matchCriteriaId\":\"E07AFED6-47CC-4A19-80DB-C537F4F07736\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45E6C3FA-001D-449A-A512-327FA0C9AC5A\"}]}]}],\"references\":[{\"url\":\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2021-22770

Vulnerability from fkie_nvd - Published: 2021-07-21 15:15 - Updated: 2024-11-21 05:50

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	cybersecurity@se.com	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02	Vendor Advisory

Impacted products

	Vendor	Product	Version
	schneider-electric	easergy_t300_firmware	*
	schneider-electric	easergy_t300	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07AFED6-47CC-4A19-80DB-C537F4F07736",
              "versionEndIncluding": "2.7.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "45E6C3FA-001D-449A-A512-327FA0C9AC5A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information."
    },
    {
      "lang": "es",
      "value": "A CWE-200: Se presenta una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en Easergy T300 con versiones de firmware V2.7.1 y anteriores, que expone informaci\u00f3n confidencial a un actor no autorizado expl\u00edcitamente tener acceso a dicha informaci\u00f3n"
    }
  ],
  "id": "CVE-2021-22770",
  "lastModified": "2024-11-21T05:50:38.013",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-21T15:15:14.977",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

CERTFR-2021-AVI-517

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un dénis de service, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

EcoStruxure Control Expert toutes versions (versions Unity Pro inclus) antérieures 15.0 SP1
EcoStruxure Control Expert version antérieures à V15.0 SP1 sans le dernier correctif
EcoStruxure Process Expert toutes versions (versions EcoStruxure Hybrid DCS inclus)
SCADAPack RemoteConnect for x70 toutes versions
Modicon M580 CPU (part numbers BMEP* et BMEH*) toutes versions
Modicon M340 CPU (part numbers BMXP34*) toutes versions
SoSafe Configurable versions antérieures à 1.8.1
C-Bus Toolkit versions antérieures à 1.15.9
Easergy T300 avec un microgiciel (firmware) en versions antérieures à 2.8
Easergy T200 (Modbus) versions antérieures à SC2-04MOD-07000103
Easergy T200 (IEC104) versions antérieures à SC2-04IEC-07000103
Easergy T200 (DNP3) versions antérieures à SC2-04DNP-07000103
EVlink CityEVC1S22P4 / EVC1S7P4 versions antérieures à R8 V3.4.0.1
EVlink ParkingEVW2 / EVF2 / EV.2 versions antérieures à R8 V3.4.0.1
EVlink Smart WallboxEVB1A versions antérieures à R8 V3.4.0.1

Note : Actuellement, aucun correctif n'est proposé pour les vulnérabilités dans les produits EcoStruxure Process Expert, Modicon M580, Modicon M340 et SCADAPack. Cependant des mesures de contournement sont proposées par l'éditeur pour les produits Modicon M580 et M340 afin de réduire le risque et l'impact d'exploitation de la CVE-2021-22779.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2021-194-04 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-03 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-02 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-05 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-06 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-01 du 13 juillet 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eEcoStruxure Control Expert toutes versions (versions Unity Pro inclus) ant\u00e9rieures 15.0 SP1\u003c/li\u003e \u003cli\u003eEcoStruxure Control Expert version ant\u00e9rieures \u00e0 V15.0 SP1 sans le dernier correctif\u003c/li\u003e \u003cli\u003eEcoStruxure Process Expert toutes versions (versions EcoStruxure Hybrid DCS inclus)\u003c/li\u003e \u003cli\u003eSCADAPack RemoteConnect for x70 toutes versions\u003c/li\u003e \u003cli\u003eModicon M580 CPU (part numbers BMEP* et BMEH*) toutes versions\u003c/li\u003e \u003cli\u003eModicon M340 CPU (part numbers BMXP34*) toutes versions\u003c/li\u003e \u003cli\u003eSoSafe Configurable versions ant\u00e9rieures \u00e0 1.8.1\u003c/li\u003e \u003cli\u003eC-Bus Toolkit versions ant\u00e9rieures \u00e0 1.15.9\u003c/li\u003e \u003cli\u003eEasergy T300 avec un microgiciel (firmware) en versions ant\u00e9rieures \u00e0 2.8\u003c/li\u003e \u003cli\u003eEasergy T200 (Modbus) versions ant\u00e9rieures \u00e0 SC2-04MOD-07000103\u003c/li\u003e \u003cli\u003eEasergy T200 (IEC104) versions ant\u00e9rieures \u00e0 SC2-04IEC-07000103\u003c/li\u003e \u003cli\u003eEasergy T200 (DNP3) versions ant\u00e9rieures \u00e0 SC2-04DNP-07000103\u003c/li\u003e \u003cli\u003eEVlink CityEVC1S22P4 / EVC1S7P4 versions ant\u00e9rieures \u00e0 R8 V3.4.0.1\u003c/li\u003e \u003cli\u003eEVlink ParkingEVW2 / EVF2 / EV.2 versions ant\u00e9rieures \u00e0 R8 V3.4.0.1\u003c/li\u003e \u003cli\u003eEVlink Smart WallboxEVB1A versions ant\u00e9rieures \u00e0 R8 V3.4.0.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e\u003cem\u003eNote : Actuellement, aucun correctif n\u0027est propos\u00e9 pour les vuln\u00e9rabilit\u00e9s dans les produits EcoStruxure Process Expert, Modicon M580, Modicon M340 et SCADAPack. Cependant des mesures de contournement sont propos\u00e9es par l\u0027\u00e9diteur pour les produits Modicon M580 et M340 afin de r\u00e9duire le risque et l\u0027impact d\u0027exploitation de la CVE-2021-22779.\u003c/em\u003e\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22771"
    },
    {
      "name": "CVE-2021-22721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22721"
    },
    {
      "name": "CVE-2021-22779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22779"
    },
    {
      "name": "CVE-2021-22781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22781"
    },
    {
      "name": "CVE-2021-22777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22777"
    },
    {
      "name": "CVE-2021-22780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22780"
    },
    {
      "name": "CVE-2021-22729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22729"
    },
    {
      "name": "CVE-2021-22708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22708"
    },
    {
      "name": "CVE-2021-22727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22727"
    },
    {
      "name": "CVE-2021-22774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22774"
    },
    {
      "name": "CVE-2021-22773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22773"
    },
    {
      "name": "CVE-2021-22706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22706"
    },
    {
      "name": "CVE-2021-22782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22782"
    },
    {
      "name": "CVE-2021-22778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22778"
    },
    {
      "name": "CVE-2021-22728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22728"
    },
    {
      "name": "CVE-2021-22730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22730"
    },
    {
      "name": "CVE-2021-22770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22770"
    },
    {
      "name": "CVE-2021-22784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22784"
    },
    {
      "name": "CVE-2021-22769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22769"
    },
    {
      "name": "CVE-2021-22723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22723"
    },
    {
      "name": "CVE-2021-22726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22726"
    },
    {
      "name": "CVE-2021-22722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22722"
    },
    {
      "name": "CVE-2020-12525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12525"
    },
    {
      "name": "CVE-2021-22772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22772"
    },
    {
      "name": "CVE-2021-22707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22707"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-517",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un d\u00e9nis de service, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-04 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-03 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-02 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-05 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-05"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-06 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2021-194-06_EVlink_City_Parking_SmartWallbox_Charging_Stations_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2021-194-06"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-01 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2021-194-01_EcoStruxure_Control_Expert_Process_Expert_SCADAPack_RemoteConnect_Modicon_M580_M340.pdf\u0026p_Doc_Ref=SEVD-2021-194-01"
    }
  ]
}

CERTFR-2021-AVI-517

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

EcoStruxure Control Expert toutes versions (versions Unity Pro inclus) antérieures 15.0 SP1
EcoStruxure Control Expert version antérieures à V15.0 SP1 sans le dernier correctif
EcoStruxure Process Expert toutes versions (versions EcoStruxure Hybrid DCS inclus)
SCADAPack RemoteConnect for x70 toutes versions
Modicon M580 CPU (part numbers BMEP* et BMEH*) toutes versions
Modicon M340 CPU (part numbers BMXP34*) toutes versions
SoSafe Configurable versions antérieures à 1.8.1
C-Bus Toolkit versions antérieures à 1.15.9
Easergy T300 avec un microgiciel (firmware) en versions antérieures à 2.8
Easergy T200 (Modbus) versions antérieures à SC2-04MOD-07000103
Easergy T200 (IEC104) versions antérieures à SC2-04IEC-07000103
Easergy T200 (DNP3) versions antérieures à SC2-04DNP-07000103
EVlink CityEVC1S22P4 / EVC1S7P4 versions antérieures à R8 V3.4.0.1
EVlink ParkingEVW2 / EVF2 / EV.2 versions antérieures à R8 V3.4.0.1
EVlink Smart WallboxEVB1A versions antérieures à R8 V3.4.0.1

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2021-194-04 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-03 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-02 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-05 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-06 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-01 du 13 juillet 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eEcoStruxure Control Expert toutes versions (versions Unity Pro inclus) ant\u00e9rieures 15.0 SP1\u003c/li\u003e \u003cli\u003eEcoStruxure Control Expert version ant\u00e9rieures \u00e0 V15.0 SP1 sans le dernier correctif\u003c/li\u003e \u003cli\u003eEcoStruxure Process Expert toutes versions (versions EcoStruxure Hybrid DCS inclus)\u003c/li\u003e \u003cli\u003eSCADAPack RemoteConnect for x70 toutes versions\u003c/li\u003e \u003cli\u003eModicon M580 CPU (part numbers BMEP* et BMEH*) toutes versions\u003c/li\u003e \u003cli\u003eModicon M340 CPU (part numbers BMXP34*) toutes versions\u003c/li\u003e \u003cli\u003eSoSafe Configurable versions ant\u00e9rieures \u00e0 1.8.1\u003c/li\u003e \u003cli\u003eC-Bus Toolkit versions ant\u00e9rieures \u00e0 1.15.9\u003c/li\u003e \u003cli\u003eEasergy T300 avec un microgiciel (firmware) en versions ant\u00e9rieures \u00e0 2.8\u003c/li\u003e \u003cli\u003eEasergy T200 (Modbus) versions ant\u00e9rieures \u00e0 SC2-04MOD-07000103\u003c/li\u003e \u003cli\u003eEasergy T200 (IEC104) versions ant\u00e9rieures \u00e0 SC2-04IEC-07000103\u003c/li\u003e \u003cli\u003eEasergy T200 (DNP3) versions ant\u00e9rieures \u00e0 SC2-04DNP-07000103\u003c/li\u003e \u003cli\u003eEVlink CityEVC1S22P4 / EVC1S7P4 versions ant\u00e9rieures \u00e0 R8 V3.4.0.1\u003c/li\u003e \u003cli\u003eEVlink ParkingEVW2 / EVF2 / EV.2 versions ant\u00e9rieures \u00e0 R8 V3.4.0.1\u003c/li\u003e \u003cli\u003eEVlink Smart WallboxEVB1A versions ant\u00e9rieures \u00e0 R8 V3.4.0.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e\u003cem\u003eNote : Actuellement, aucun correctif n\u0027est propos\u00e9 pour les vuln\u00e9rabilit\u00e9s dans les produits EcoStruxure Process Expert, Modicon M580, Modicon M340 et SCADAPack. Cependant des mesures de contournement sont propos\u00e9es par l\u0027\u00e9diteur pour les produits Modicon M580 et M340 afin de r\u00e9duire le risque et l\u0027impact d\u0027exploitation de la CVE-2021-22779.\u003c/em\u003e\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22771"
    },
    {
      "name": "CVE-2021-22721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22721"
    },
    {
      "name": "CVE-2021-22779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22779"
    },
    {
      "name": "CVE-2021-22781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22781"
    },
    {
      "name": "CVE-2021-22777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22777"
    },
    {
      "name": "CVE-2021-22780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22780"
    },
    {
      "name": "CVE-2021-22729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22729"
    },
    {
      "name": "CVE-2021-22708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22708"
    },
    {
      "name": "CVE-2021-22727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22727"
    },
    {
      "name": "CVE-2021-22774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22774"
    },
    {
      "name": "CVE-2021-22773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22773"
    },
    {
      "name": "CVE-2021-22706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22706"
    },
    {
      "name": "CVE-2021-22782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22782"
    },
    {
      "name": "CVE-2021-22778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22778"
    },
    {
      "name": "CVE-2021-22728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22728"
    },
    {
      "name": "CVE-2021-22730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22730"
    },
    {
      "name": "CVE-2021-22770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22770"
    },
    {
      "name": "CVE-2021-22784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22784"
    },
    {
      "name": "CVE-2021-22769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22769"
    },
    {
      "name": "CVE-2021-22723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22723"
    },
    {
      "name": "CVE-2021-22726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22726"
    },
    {
      "name": "CVE-2021-22722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22722"
    },
    {
      "name": "CVE-2020-12525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12525"
    },
    {
      "name": "CVE-2021-22772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22772"
    },
    {
      "name": "CVE-2021-22707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22707"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-517",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un d\u00e9nis de service, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-04 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-03 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-02 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-05 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-05"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-06 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2021-194-06_EVlink_City_Parking_SmartWallbox_Charging_Stations_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2021-194-06"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-01 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2021-194-01_EcoStruxure_Control_Expert_Process_Expert_SCADAPack_RemoteConnect_Modicon_M580_M340.pdf\u0026p_Doc_Ref=SEVD-2021-194-01"
    }
  ]
}

GHSA-4M22-CX4P-J3JQ

Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-05-24 19:08

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-22770"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-21T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information.",
  "id": "GHSA-4m22-cx4p-j3jq",
  "modified": "2022-05-24T19:08:48Z",
  "published": "2022-05-24T19:08:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22770"
    },
    {
      "type": "WEB",
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2021-22770

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-22770

Aliases

CVE-2021-22770

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-22770",
    "description": "A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information.",
    "id": "GSD-2021-22770"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-22770"
      ],
      "details": "A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information.",
      "id": "GSD-2021-22770",
      "modified": "2023-12-13T01:23:24.301803Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2021-22770",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Easergy T300 with firmware V2.7.1 and older",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Easergy T300 with firmware V2.7.1 and older"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-200: Information Exposure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02",
            "refsource": "MISC",
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.7.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2021-22770"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-07-27T20:29Z",
      "publishedDate": "2021-07-21T15:15Z"
    }
  }
}

VAR-202107-0307

Vulnerability from variot - Updated: 2022-05-18 20:46

A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information. Easergy T300 There is an information leakage vulnerability in the firmware.Information may be obtained

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0307",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "easergy t300",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "2.7.1"
      },
      {
        "model": "easergy t300",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "easergy t300  firmware"
      },
      {
        "model": "easergy t300",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009687"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22770"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.7.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.7.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22770"
      }
    ]
  },
  "cve": "CVE-2021-22770",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2021-22770",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.9,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-22770",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-22770",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-22770",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202107-1578",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-22770",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-22770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1578"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22770"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information. Easergy T300 There is an information leakage vulnerability in the firmware.Information may be obtained",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009687"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22770"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-22770",
        "trust": 3.3
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2021-194-02",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009687",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1578",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22770",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-22770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1578"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22770"
      }
    ]
  },
  "id": "VAR-202107-0307",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.5843179
  },
  "last_update_date": "2022-05-18T20:46:53.705000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2021-194-02",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-02"
      },
      {
        "title": "Easergy T300 Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=158023"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1578"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.0
      },
      {
        "problemtype": "information leak (CWE-200) [ Other ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009687"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22770"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-02"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22770"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-22770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1578"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22770"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-22770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1578"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22770"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-22770"
      },
      {
        "date": "2022-05-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-009687"
      },
      {
        "date": "2021-07-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202107-1578"
      },
      {
        "date": "2021-07-21T15:15:00",
        "db": "NVD",
        "id": "CVE-2021-22770"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-22770"
      },
      {
        "date": "2022-05-17T07:46:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-009687"
      },
      {
        "date": "2021-07-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202107-1578"
      },
      {
        "date": "2021-07-27T20:29:00",
        "db": "NVD",
        "id": "CVE-2021-22770"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1578"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Easergy\u00a0T300\u00a0 Information leakage vulnerability in firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009687"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1578"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-22770 (GCVE-0-2021-22770)

FKIE_CVE-2021-22770

CERTFR-2021-AVI-517

Solution

CERTFR-2021-AVI-517

Solution

GHSA-4M22-CX4P-J3JQ

GSD-2021-22770

VAR-202107-0307

Tags

Sightings

Nomenclature