CVE-2021-22749
MEDIUMModicon X80 BMXNOR0200H RTU SV1.70 IR22 - Info Disclosure
Title source: llmDescription
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-05
Scores
CVSS v3
5.3
EPSS
0.0026
EPSS Percentile
49.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
schneider-electric/modicon_x80_bmxnor0200h_rtu_firmware
sv1.6 ir4
schneider-electric/modicon_x80_bmxnor0200h_rtu_firmware
sv1.7 ir10 (6 CPE variants)
Published
Jun 11, 2021
Tracked Since
Feb 18, 2026