CVE-2021-22769 - OpenCVE

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Easergy T300 Easergy T300 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:*

References

Link	Resource
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2021-06-11T15:40:47

Updated: 2021-07-21T10:40:05

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-22769

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-06-11T16:15:10.730

Modified: 2021-09-20T13:51:37.567

Link: CVE-2021-22769

JSON object: View

Redhat Information

No data.

CWE

CWE-552

{"containers": {"cna": {"affected": [{"product": "Easergy T300 with firmware V2.7.1 and older", "vendor": "n/a", "versions": [{"status": "affected", "version": "Easergy T300 with firmware V2.7.1 and older"}]}], "descriptions": [{"lang": "en", "value": "A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-552", "description": "CWE-552: Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-21T10:40:05", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2021-22769", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Easergy T300 with firmware V2.7.1 and older", "version": {"version_data": [{"version_value": "Easergy T300 with firmware V2.7.1 and older"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-552: Files or Directories Accessible to External Parties"}]}]}, "references": {"reference_data": [{"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02", "refsource": "MISC", "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"}]}}}}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2021-22769", "datePublished": "2021-06-11T15:40:47", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2021-07-21T10:40:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E07AFED6-47CC-4A19-80DB-C537F4F07736", "versionEndIncluding": "2.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:*", "matchCriteriaId": "45E6C3FA-001D-449A-A512-327FA0C9AC5A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted."}, {"lang": "es", "value": "Un CWE-552: Archivos o directorios accesibles a partes externas en el Easergy T300 con firmware versi\u00f3n V2.7.1 y anterior que podr\u00eda exponer el contenido de archivos o directorios cuando el acceso de un atacante no est\u00e1 restringido o est\u00e1 restringido incorrectamente."}], "id": "CVE-2021-22769", "lastModified": "2021-09-20T13:51:37.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-11T16:15:10.730", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "cybersecurity@se.com", "type": "Primary"}]}