Lucene search

[email protected]NVD:CVE-2021-22794

HistoryApr 13, 2022 - 4:15 p.m.

CVE-2021-22794

2022-04-1316:15:09

CWE-22

[email protected]

web.nvd.nist.gov

cwe-22

improper limitation

path traversal

remote code execution

struxureware data center expert

v7.8.1

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.008

Percentile

82.3%

JSON

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)

Affected configurations

Nvd

Node

schneider-electricstruxureware_data_center_expertRange≤7.8.1

VendorProductVersionCPE
schneider-electricstruxureware_data_center_expert*cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	struxureware_data_center_expert	*	cpe:2.3:a:schneider-electric:struxureware_data_center_expert::::::::

References

www.se.com/ww/en/download/document/SEVD-2021-257-03/

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.008

Percentile

82.3%

JSON

Related for NVD:CVE-2021-22794

cve1 checkpoint_advisories1 prion1 cvelist1 zdi1 ics1