Description
CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker modifies the URL to download to a different location.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected products
- Schneider Electric / Easergy T200 (DNP3) Models: T200I, T200E, T200P, T200S, T200HSC2-04DNP-07000104 – prior
- Schneider Electric / Easergy T200 (IEC104) Models: T200I, T200E, T200P, T200S, T200HSC2-04IEC-07000104 – prior
- Schneider Electric / Easergy T200 (Modbus) Models: T200I, T200E, T200P, T200S, T200HSC2-04MOD-07000104 – prior