Schneider Electric EcoStruxure Power Build-Rapsody (Update A)

🗓️ 12 Jan 2021 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 292 Views

Schneider Electric EcoStruxure Power Build-Rapsody (Update A). Vulnerability in EcoStruxure Power Build-Rapsody software allows unrestricted malicious file upload, resulting in remote code execution. CVSS v3 score 7.8. Updates expected in first half of 2021

Reporter	Title	Published	Views	Family All 21
BDU FSTEC	The vulnerability of the online configuration software EcoStruxure Power Build lies in its ability to download unlimited amounts of dangerous files, allowing a hacker to execute arbitrary code.	3 Mar 202100:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the online configuration software EcoStruxure Power Build lies in its ability to download unlimited amounts of dangerous files, allowing a hacker to execute arbitrary code.	3 Mar 202100:00	–	bdu_fstec
Circl	CVE-2021-22698	26 Jan 202120:49	–	circl
CNNVD	Schneider Electric EcoStruxure Power Build - Rapsody 代码问题漏洞	12 Jan 202100:00	–	cnnvd
CNNVD	Schneider Electric EcoStruxure Power Build - Rapsody 代码问题漏洞	12 Jan 202100:00	–	cnnvd
CNVD	Schneider Electric EcoStruxure Power Build-Rapsody Buffer Overflow Vulnerability	18 Jan 202100:00	–	cnvd
CNVD	Schneider Electric EcoStruxure Power Build-Rapsody Code Issue Vulnerability	14 Jan 202100:00	–	cnvd
CVE	CVE-2021-22697	25 Jan 202117:09	–	cve
CVE	CVE-2021-22698	25 Jan 202117:10	–	cve
Cvelist	CVE-2021-22697	25 Jan 202117:09	–	cvelist

Source	Link
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-012-01.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-21-012-01
us-cert	www.us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
us-cert	www.us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B