Sign-up

ID

VAR-202107-0307


CVE

CVE-2021-22770


TITLE

Easergy T300  Information leakage vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2021-009687

DESCRIPTION

A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information. Easergy T300 There is an information leakage vulnerability in the firmware.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2021-22770 // JVNDB: JVNDB-2021-009687 // VULMON: CVE-2021-22770

AFFECTED PRODUCTS

vendor:schneider electricmodel:easergy t300scope:lteversion:2.7.1

Trust: 1.0

vendor:schneider electricmodel:easergy t300scope:eqversion:easergy t300 firmware

Trust: 0.8

vendor:schneider electricmodel:easergy t300scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-009687 // NVD: CVE-2021-22770

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-22770
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202107-1578
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-22770
value: MEDIUM

Trust: 0.1

NVD: CVE-2021-22770
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.9

NVD: CVE-2021-22770
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-22770
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-22770 // JVNDB: JVNDB-2021-009687 // CNNVD: CNNVD-202107-1578 // NVD: CVE-2021-22770

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.0

problemtype:information leak (CWE-200) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-009687 // NVD: CVE-2021-22770

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1578

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202107-1578

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-22770

PATCH
title:SEVD-2021-194-02url:http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-02
Trust: 0.8
title:Easergy T300 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=158023
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-009687 // 
            
            
            
            CNNVD: CNNVD-202107-1578

EXTERNAL IDS
db:NVDid:CVE-2021-22770
Trust: 3.3
db:SCHNEIDERid:SEVD-2021-194-02
Trust: 1.7
db:JVNDBid:JVNDB-2021-009687
Trust: 0.8
db:CNNVDid:CNNVD-202107-1578
Trust: 0.6
db:VULMONid:CVE-2021-22770
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-22770 // 
            
            
            
            JVNDB: JVNDB-2021-009687 // 
            
            
            
            CNNVD: CNNVD-202107-1578 // 
            
            
            
            NVD: CVE-2021-22770

REFERENCES
url:http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-02
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2021-22770
Trust: 1.4
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-22770 // 
            
            
            
            JVNDB: JVNDB-2021-009687 // 
            
            
            
            CNNVD: CNNVD-202107-1578 // 
            
            
            
            NVD: CVE-2021-22770

SOURCES
db:VULMONid:CVE-2021-22770
db:JVNDBid:JVNDB-2021-009687
db:CNNVDid:CNNVD-202107-1578
db:NVDid:CVE-2021-22770

LAST UPDATE DATE
2022-05-18T20:46:53.705000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2021-22770date:2021-07-27T00:00:00
db:JVNDBid:JVNDB-2021-009687date:2022-05-17T07:46:00
db:CNNVDid:CNNVD-202107-1578date:2021-07-29T00:00:00
db:NVDid:CVE-2021-22770date:2021-07-27T20:29:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2021-22770date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2021-009687date:2022-05-17T00:00:00
db:CNNVDid:CNNVD-202107-1578date:2021-07-21T00:00:00
db:NVDid:CVE-2021-22770date:2021-07-21T15:15:00