ID
VAR-202106-0547
CVE
CVE-2021-22769
TITLE
Schneider Electric Made Enerlin'X Com'X 510 Improper permission management vulnerability
Trust: 0.8
DESCRIPTION
A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted. Schneider Electric Provided by the company Enerlin'X Com'X 510 Inappropriate permission management vulnerability (CWE-269 , CVE-2021-22769) ExistsWhen the authenticated user receives a specially crafted request for the device, the device configuration information without viewing authority is disclosed. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Trust: 2.16
AFFECTED PRODUCTS
| vendor: | schneider electric | model: | easergy t300 | scope: | lte | version: | 2.7.1 | Trust: 1.0 |
| vendor: | schneider electric | model: | enerlin'x com'x 510 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | schneider electric | model: | enerlin'x com'x 510 | scope: | eq | version: | v6.8.4 all earlier s | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-552 | Trust: 1.0 |
| problemtype: | Improper authority management (CWE-269) [IPA Evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
other
Trust: 1.2
CONFIGURATIONS
PATCH
| title: | Schneider Electric Security Notification Enerlin'X Com ’ X 510 | url: | https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-06 | Trust: 0.8 |
| title: | Schneider Electric EnerlinÕX ComÕX Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155012 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-22769 | Trust: 2.4 |
| db: | ICS CERT | id: | ICSA-21-168-01 | Trust: 1.4 |
| db: | SCHNEIDER | id: | SEVD-2021-194-02 | Trust: 1.0 |
| db: | JVN | id: | JVNVU93458321 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2021-001891 | Trust: 0.8 |
| db: | CS-HELP | id: | SB2021041363 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202104-975 | Trust: 0.6 |
| db: | CS-HELP | id: | SB2021061804 | Trust: 0.6 |
| db: | SCHNEIDER | id: | SEVD-2021-159-06 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2021.2172 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202106-978 | Trust: 0.6 |
REFERENCES
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-21-168-01 | Trust: 1.4 |
| url: | http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-02 | Trust: 1.0 |
| url: | http://jvn.jp/cert/jvnvu93458321 | Trust: 0.8 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2021041363 | Trust: 0.6 |
| url: | http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-06 | Trust: 0.6 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2021061804 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2021.2172 | Trust: 0.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2021-22769 | Trust: 0.6 |
CREDITS
Maxim Rupp reported this vulnerability to CISA.
Trust: 0.6
SOURCES
| db: | JVNDB | id: | JVNDB-2021-001891 |
| db: | CNNVD | id: | CNNVD-202104-975 |
| db: | CNNVD | id: | CNNVD-202106-978 |
| db: | NVD | id: | CVE-2021-22769 |
LAST UPDATE DATE
2022-05-06T07:05:23.297000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2021-001891 | date: | 2021-06-21T08:25:00 |
| db: | CNNVD | id: | CNNVD-202104-975 | date: | 2021-04-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-202106-978 | date: | 2021-07-26T00:00:00 |
| db: | NVD | id: | CVE-2021-22769 | date: | 2021-09-20T13:51:00 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2021-001891 | date: | 2021-06-21T00:00:00 |
| db: | CNNVD | id: | CNNVD-202104-975 | date: | 2021-04-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-202106-978 | date: | 2021-06-11T00:00:00 |
| db: | NVD | id: | CVE-2021-22769 | date: | 2021-06-11T16:15:00 |