Rewterz Threat Advisory – CVE-2021-27657 – ICS: Johnson Controls Metasys
June 9, 2021
Rewterz Threat Advisory – CVE-2021-27610 – Critical Vulnerability in SAP ABAP Server
June 9, 2021
Severity
Medium
Analysis Summary
CVE-2021-22749
This vulnerability could leak the current RTU configuration, including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the module's web server. Successful exploitation may disclose this information to an unauthenticated remote user, who could use it to gain an understanding of the network architecture.
Impact
- Information Disclosure
Affected Vendors
Schneider Electric
Affected Products
- Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior
Remediation
Refer to the vendor advisory for the complete list of affected products and their respective patches at https://us-cert.cisa.gov/ics/advisories/icsa-21-159-05