PT-2021-7776 · Schneider Electric · Easergy T200
Published
2021-07-13
·
Updated
2021-07-28
·
CVE-2021-22772
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Easergy T200 versions (Modbus) SC2-04MOD-07000100 and earlier
Easergy T200 versions (IEC104) SC2-04IEC-07000100 and earlier
Easergy T200 versions (DNP3) SC2-04DNP-07000102 and earlier
Description
The issue is related to the absence of authentication for a critical function in the device's firmware, which could allow a remote attacker to perform unauthorized operations.
Recommendations
For Easergy T200 versions (Modbus) SC2-04MOD-07000100 and earlier, consider implementing authentication mechanisms for critical functions to prevent unauthorized access.
For Easergy T200 versions (IEC104) SC2-04IEC-07000100 and earlier, consider implementing authentication mechanisms for critical functions to prevent unauthorized access.
For Easergy T200 versions (DNP3) SC2-04DNP-07000102 and earlier, consider implementing authentication mechanisms for critical functions to prevent unauthorized access.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Easergy T200