var-202202-1168
Vulnerability from variot
A CWE-200 (Information Exposure) vulnerability exists that could leak sensitive information from files located in the web root directory when an attacker sends an HTTP request to the web server of the device. Affected products: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions). Multiple Schneider Electric products contain an information disclosure vulnerability; information may be obtained. Schneider Electric Modicon Quantum and the other affected products are made by the French company Schneider Electric. The Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. The Schneider Electric Modicon M340 is a mid-range PLC for industrial processes and infrastructure. Schneider Electric Modicon Premium is a programmable controller for industrial environments. The record below tracks this issue as CVE-2021-22785, carries an NVD CVSS 3.1 base score of 7.5 (network-reachable, no privileges or user interaction required, confidentiality impact only), and lists Schneider Electric advisory SEVD-2021-257-02 as the vendor patch reference.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-1168", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "140noc78x00", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m340 bmxp342020", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.40" }, { "model": "bmxnoe0100", "scope": "eq", 
"trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "bmxnoc0401", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "140noc77101", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "140cpu65150", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "tsxp576634", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "bmxnoe0110", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "bmxnor0200h rtu", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "140noe771x1", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "tsxety4103", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "tsxety5103", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "tsxp574634", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "tsxp575634", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "bmxnor0200h rtu", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "bmxnoe0100", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "bmxnoe0110", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "tsxp574634", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "tsxp575634", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "bmxnoc0401", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "tsxp576634", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "modicon quantum 140cpu65150", 
"scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "bmxp342020", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "140noe771x1", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "electric modicon m340 cpus bmxp34", "scope": "eq", "trust": 0.6, "vendor": "schneider", "version": "(\u003c=3.40)" }, { "model": "electric modicon m340 ethernet communication modules bmxnoe0100", "scope": "eq", "trust": 0.6, "vendor": "schneider", "version": "x80" }, { "model": "electric modicon m340 ethernet communication modules bmxnoe0110", "scope": "eq", "trust": 0.6, "vendor": "schneider", "version": "x80" }, { "model": "electric modicon m340 ethernet communication modules bmxnoc0401", "scope": "eq", "trust": 0.6, "vendor": "schneider", "version": "x80" }, { "model": "electric modicon m340 ethernet communication modules bmxnor0200h rtu", "scope": "eq", "trust": 0.6, "vendor": "schneider", "version": "x80" }, { "model": "electric modicon premium processors with integrated ethernet tsxp574634", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric modicon premium processors with integrated ethernet tsxp575634", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric modicon premium processors with integrated ethernet tsxp576634", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric modicon premium processors with integrated ethernet 140cpu65xxxxx", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric modicon quantum communication modules 140noe771x1", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric modicon quantum communication modules 140noc78x00", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric modicon quantum communication 
modules 140noc77101", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric modicon quantum communication modules tsxety4103", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric modicon quantum communication modules tsxety5103", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-68925" }, { "db": "JVNDB", "id": "JVNDB-2021-018470" }, { "db": "NVD", "id": "CVE-2021-22785" } ] }, "cve": "CVE-2021-22785", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-22785", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2022-68925", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", 
"version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-22785", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-22785", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-22785", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-22785", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2022-68925", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202202-1043", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-22785", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-68925" }, { "db": "VULMON", "id": "CVE-2021-22785" }, { "db": "JVNDB", "id": "JVNDB-2021-018470" }, { "db": "CNNVD", "id": "CNNVD-202202-1043" }, { "db": "NVD", "id": "CVE-2021-22785" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request 
to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions). Multiple Schneider Electric products contain an information disclosure vulnerability; information may be obtained. Schneider Electric Modicon Quantum and the other affected products are made by the French company Schneider Electric. The Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. The Schneider Electric Modicon M340 is a mid-range PLC (Programmable Logic Controller) for industrial processes and infrastructure. 
Schneider Electric Modicon Premium is a programmable controller for industrial environments", "sources": [ { "db": "NVD", "id": "CVE-2021-22785" }, { "db": "JVNDB", "id": "JVNDB-2021-018470" }, { "db": "CNVD", "id": "CNVD-2022-68925" }, { "db": "VULMON", "id": "CVE-2021-22785" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-22785", "trust": 3.9 }, { "db": "SCHNEIDER", "id": "SEVD-2021-257-02", "trust": 2.3 }, { "db": "JVNDB", "id": "JVNDB-2021-018470", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-68925", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202202-1043", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-22785", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-68925" }, { "db": "VULMON", "id": "CVE-2021-22785" }, { "db": "JVNDB", "id": "JVNDB-2021-018470" }, { "db": "CNNVD", "id": "CNNVD-202202-1043" }, { "db": "NVD", "id": "CVE-2021-22785" } ] }, "id": "VAR-202202-1168", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-68925" } ], "trust": 1.5192307692307692 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-68925" } ] }, "last_update_date": "2024-08-14T14:37:39.948000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SEVD-2021-257-02", "trust": 0.8, "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02" }, { "title": "Patch for Multiple Schneider Electric Product Information Disclosure Vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/356586" }, { "title": "Schneider Electric Repair measures for information disclosure vulnerabilities of various products", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=182742" }, { "title": "", "trust": 0.1, "url": "https://github.com/Live-Hack-CVE/CVE-2021-22785 " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-68925" }, { "db": "VULMON", "id": "CVE-2021-22785" }, { "db": "JVNDB", "id": "JVNDB-2021-018470" }, { "db": "CNNVD", "id": "CNNVD-202202-1043" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.0 }, { "problemtype": "information leak (CWE-200) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018470" }, { "db": "NVD", "id": "CVE-2021-22785" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-257-02" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22785" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/200.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-22785" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-68925" }, { "db": "VULMON", 
"id": "CVE-2021-22785" }, { "db": "JVNDB", "id": "JVNDB-2021-018470" }, { "db": "CNNVD", "id": "CNNVD-202202-1043" }, { "db": "NVD", "id": "CVE-2021-22785" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-68925" }, { "db": "VULMON", "id": "CVE-2021-22785" }, { "db": "JVNDB", "id": "JVNDB-2021-018470" }, { "db": "CNNVD", "id": "CNNVD-202202-1043" }, { "db": "NVD", "id": "CVE-2021-22785" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-10-14T00:00:00", "db": "CNVD", "id": "CNVD-2022-68925" }, { "date": "2022-02-11T00:00:00", "db": "VULMON", "id": "CVE-2021-22785" }, { "date": "2023-06-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-018470" }, { "date": "2022-02-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-1043" }, { "date": "2022-02-11T18:15:08.947000", "db": "NVD", "id": "CVE-2021-22785" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-10-14T00:00:00", "db": "CNVD", "id": "CNVD-2022-68925" }, { "date": "2022-10-25T00:00:00", "db": "VULMON", "id": "CVE-2021-22785" }, { "date": "2023-06-15T07:46:00", "db": "JVNDB", "id": "JVNDB-2021-018470" }, { "date": "2022-10-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-1043" }, { "date": "2024-04-10T12:28:45.957000", "db": "NVD", "id": "CVE-2021-22785" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-1043" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Schneider\u00a0Electric\u00a0 Vulnerability regarding information leakage in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018470" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-1043" } ], "trust": 0.6 } }