CVE-2021-22749: Infoleak
First published: Fri Jun 11 2021(Updated: )
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| schneider-electric Modicon X80 BMXNOR0200H RTU | =sv1.6-ir4 | |
| schneider-electric Modicon X80 BMXNOR0200H RTU | =sv1.7-ir10 | |
| schneider-electric Modicon X80 BMXNOR0200H RTU | =sv1.7-ir15b | |
| schneider-electric Modicon X80 BMXNOR0200H RTU | =sv1.7-ir17 | |
| schneider-electric Modicon X80 BMXNOR0200H RTU | =sv1.7-ir18 | |
| schneider-electric Modicon X80 BMXNOR0200H RTU | =sv1.7-ir19 | |
| schneider-electric Modicon X80 BMXNOR0200H RTU | =sv1.7-ir20 | |
| Schneider Electric Modicon X80 BMXNOR0200H RTU firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-22749?
CVE-2021-22749 is classified as a medium severity vulnerability due to potential information leakage.
How do I fix CVE-2021-22749?
To mitigate CVE-2021-22749, update the Modicon X80 BMXNOR0200H RTU firmware to versions SV1.70 IR23 or later.
What types of information are exposed by CVE-2021-22749?
CVE-2021-22749 can leak sensitive information about the current RTU configuration, including communication parameters related to telemetry.
Which products are affected by CVE-2021-22749?
CVE-2021-22749 affects the Schneider Electric Modicon X80 BMXNOR0200H RTU firmware versions SV1.70 IR22 and earlier.
What can be done to prevent exploitation of CVE-2021-22749?
To prevent exploitation of CVE-2021-22749, ensure that all affected devices are updated to the latest firmware version.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider-electric modicon x80 bmxnor0200h rtu
- version/schneider-electric modicon x80 bmxnor0200h rtu/sv1.6-ir4
- version/schneider-electric modicon x80 bmxnor0200h rtu/sv1.7-ir10
- version/schneider-electric modicon x80 bmxnor0200h rtu/sv1.7-ir15b
- version/schneider-electric modicon x80 bmxnor0200h rtu/sv1.7-ir17
- version/schneider-electric modicon x80 bmxnor0200h rtu/sv1.7-ir18
- version/schneider-electric modicon x80 bmxnor0200h rtu/sv1.7-ir19
- version/schneider-electric modicon x80 bmxnor0200h rtu/sv1.7-ir20
- canonical/schneider electric modicon x80 bmxnor0200h rtu firmware