CVE-2021-22769 - Vulnerability Details - OpenCVE

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Schneider-electric	Easergy T300 Easergy T300 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02

History

Mon, 29 Jun 2026 14:30:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}`	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2021-06-11T15:40:47.000Z

Updated: 2026-06-29T13:26:09.384Z

Reserved: 2021-01-06T00:00:00.000Z

Link: CVE-2021-22769

Vulnrichment

Updated: 2024-08-03T18:51:07.463Z

NVD

Status : Modified

Published: 2021-06-11T16:15:10.730

Modified: 2026-06-17T03:37:44.620

Link: CVE-2021-22769

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Easergy T300 with firmware V2.7.1 and older", "vendor": "n/a", "versions": [{"status": "affected", "version": "Easergy T300 with firmware V2.7.1 and older"}]}], "descriptions": [{"lang": "en", "value": "A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-552", "description": "CWE-552: Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-21T10:40:05.000Z", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2021-22769", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Easergy T300 with firmware V2.7.1 and older", "version": {"version_data": [{"version_value": "Easergy T300 with firmware V2.7.1 and older"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-552: Files or Directories Accessible to External Parties"}]}]}, "references": {"reference_data": [{"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02", "refsource": "MISC", "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:51:07.463Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-06-29T13:24:15.548623Z", "id": "CVE-2021-22769", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-29T13:26:09.384Z"}}]}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2021-22769", "datePublished": "2021-06-11T15:40:47.000Z", "dateReserved": "2021-01-06T00:00:00.000Z", "dateUpdated": "2026-06-29T13:26:09.384Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:51:07.463Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-22769", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-29T13:24:15.548623Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-29T13:26:03.715Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "Easergy T300 with firmware V2.7.1 and older", "versions": [{"status": "affected", "version": "Easergy T300 with firmware V2.7.1 and older"}]}], "references": [{"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-552", "description": "CWE-552: Files or Directories Accessible to External Parties"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2021-07-21T10:40:05.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "Easergy T300 with firmware V2.7.1 and older"}]}, "product_name": "Easergy T300 with firmware V2.7.1 and older"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02", "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-552: Files or Directories Accessible to External Parties"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-22769", "STATE": "PUBLIC", "ASSIGNER": "cybersecurity@schneider-electric.com"}}}}, "cveMetadata": {"cveId": "CVE-2021-22769", "state": "PUBLISHED", "dateUpdated": "2026-06-29T13:26:09.384Z", "dateReserved": "2021-01-06T00:00:00.000Z", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "datePublished": "2021-06-11T15:40:47.000Z", "assignerShortName": "schneider"}, "dataVersion": "5.2"}

{"affected": [{"affectedData": [{"product": "Easergy T300 with firmware V2.7.1 and older", "vendor": "n/a", "versions": [{"status": "affected", "version": "Easergy T300 with firmware V2.7.1 and older"}]}], "source": "cybersecurity@se.com"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E07AFED6-47CC-4A19-80DB-C537F4F07736", "versionEndIncluding": "2.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:*", "matchCriteriaId": "45E6C3FA-001D-449A-A512-327FA0C9AC5A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted."}, {"lang": "es", "value": "Un CWE-552: Archivos o directorios accesibles a partes externas en el Easergy T300 con firmware versi\u00f3n V2.7.1 y anterior que podr\u00eda exponer el contenido de archivos o directorios cuando el acceso de un atacante no est\u00e1 restringido o est\u00e1 restringido incorrectamente."}], "id": "CVE-2021-22769", "lastModified": "2026-06-17T03:37:44.620", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-11T16:15:10.730", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "cybersecurity@se.com", "type": "Secondary"}]}