{"api_version":"1","generated_at":"2026-07-16T03:05:30+00:00","cve":"CVE-2021-22769","urls":{"html":"https://cve.report/CVE-2021-22769","api":"https://cve.report/api/cve/CVE-2021-22769.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-22769","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-22769"},"summary":{"title":"CVE-2021-22769","description":"A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted.","state":"PUBLISHED","assigner":"schneider","published_at":"2021-06-11 16:15:10","updated_at":"2026-06-29 14:16:34"},"problem_types":["CWE-552","CWE-552 CWE-552: Files or Directories Accessible to External Parties"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4","severity":"","vector":"AV:N/AC:L/Au:S/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02","name":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"404"},{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-06","name":"MISC:http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-06","refsource":"MITRE","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-22769","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22769","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"Easergy T300 with firmware V2.7.1 and older","version":"affected Easergy T300 with firmware V2.7.1 and older","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"22769","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"schneider-electric","cpe5":"easergy_t300","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22769","vulnerable":"1","versionEndIncluding":"2.7.1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"schneider-electric","cpe5":"easergy_t300_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2021","cve_id":"22769","cve":"CVE-2021-22769","epss":"0.006460000","percentile":"0.463220000","score_date":"2026-06-30","updated_at":"2026-07-01 00:05:17"},"legacy_qids":[{"cve":"CVE-2021-22769","qid":"590519","title":"Schneider Electric Enerlin'X ComX 510 Improper Privilege Management Vulnerability (ICSA-21-168-01)"},{"cve":"CVE-2021-22769","qid":"590816","title":"Schneider Electric Easergy T300 Multiple Vulnerabilities (SEVD-2021-194-02)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-03T18:51:07.463Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2021-22769","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-29T13:24:15.548623Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-29T13:26:09.384Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"Easergy T300 with firmware V2.7.1 and older","vendor":"n/a","versions":[{"status":"affected","version":"Easergy T300 with firmware V2.7.1 and older"}]}],"descriptions":[{"lang":"en","value":"A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-552","description":"CWE-552: Files or Directories Accessible to External Parties","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2021-07-21T10:40:05.000Z","orgId":"076d1eb6-cfab-4401-b34d-6dfc2a413bdb","shortName":"schneider"},"references":[{"tags":["x_refsource_MISC"],"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cybersecurity@schneider-electric.com","ID":"CVE-2021-22769","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Easergy T300 with firmware V2.7.1 and older","version":{"version_data":[{"version_value":"Easergy T300 with firmware V2.7.1 and older"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-552: Files or Directories Accessible to External Parties"}]}]},"references":{"reference_data":[{"name":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02","refsource":"MISC","url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"}]}}}},"cveMetadata":{"assignerOrgId":"076d1eb6-cfab-4401-b34d-6dfc2a413bdb","assignerShortName":"schneider","cveId":"CVE-2021-22769","datePublished":"2021-06-11T15:40:47.000Z","dateReserved":"2021-01-06T00:00:00.000Z","dateUpdated":"2026-06-29T13:26:09.384Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2021-06-11 16:15:10","lastModifiedDate":"2026-06-29 14:16:34","problem_types":["CWE-552","CWE-552 CWE-552: Files or Directories Accessible to External Parties"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-29T13:24:15.548623Z","id":"CVE-2021-22769","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.1","matchCriteriaId":"E07AFED6-47CC-4A19-80DB-C537F4F07736"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:*","matchCriteriaId":"45E6C3FA-001D-449A-A512-327FA0C9AC5A"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"22769","Ordinal":"1","Title":"CVE-2021-22769","CVE":"CVE-2021-22769","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"22769","Ordinal":"1","NoteData":"A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted.","Type":"Description","Title":"CVE-2021-22769"},{"CveYear":"2021","CveId":"22769","Ordinal":"2","NoteData":"2021-06-11","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"22769","Ordinal":"3","NoteData":"2021-07-21","Type":"Other","Title":"Modified"}]}}}