PT-2021-15187 · Schneider Electric · Modicon X80 Bmxnor0200H Rtu
Published
2021-06-11
·
Updated
2021-06-22
·
CVE-2021-22749
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Modicon X80 BMXNOR0200H RTU versions SV1.70 IR22 and prior
Description
A vulnerability exists that could cause an information leak concerning the current RTU configuration, including communication parameters dedicated to telemetry. This occurs when a specially crafted HTTP request is sent to the web server of the module.
Recommendations
For Modicon X80 BMXNOR0200H RTU versions SV1.70 IR22 and prior, consider restricting access to the web server of the module to minimize the risk of exploitation. As a temporary workaround, avoid using the web server until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Modicon X80 Bmxnor0200H Rtu