CVE-2021-22770

CWE-200 — Information Exposure3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 44.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Easergy T300 Firmware

Timeline

PublishedJul 21

Latest updateMay 24

Description

A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5easergy_t300_with_firmware_v2.7.1_and_olderEasergy T300 with firmware V2.7.1 and older

▶NVDschneider-electric/easergy_t300_firmware2.7.1

🔴Vulnerability Details

GHSA

GHSA-4m22-cx4p-j3jq: A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2↗2022-05-24

▶

CVEList

CVE-2021-22770: A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2↗2021-07-21

▶