Lucene search

[email protected]NVD:CVE-2021-22825

HistoryJan 28, 2022 - 8:15 p.m.

CVE-2021-22825

2022-01-2820:15:10

CWE-200

[email protected]

web.nvd.nist.gov

cwe-200

unauthorized access

elevated privileges

malicious url

security token compromise

vulnerability

ap7xxxx

ap8xxx

nmc2

nmc3

apdu9xxx

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

42.8%

JSON

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token. Affected Products: AP7xxxx and AP8xxx with NMC2 (V6.9.6 or earlier), AP7xxx and AP8xxx with NMC3 (V1.1.0.3 or earlier), and APDU9xxx with NMC3 (V1.0.0.28 or earlier)

Affected configurations

Nvd

Node

schneider-electricrack_power_distribution_unit_with_network_management_card_2_firmwareRange<7.0.6

AND

schneider-electricrack_power_distribution_unit_with_network_management_card_2Match-

Node

schneider-electricrack_power_distribution_unit_with_network_management_card_3_firmwareRange<1.2.0.2

AND

schneider-electricrack_power_distribution_unit_with_network_management_card_3Match-

VendorProductVersionCPE
schneider-electricrack_power_distribution_unit_with_network_management_card_2_firmware*cpe:2.3:o:schneider-electric:rack_power_distribution_unit_with_network_management_card_2_firmware:*:*:*:*:*:*:*:*
schneider-electricrack_power_distribution_unit_with_network_management_card_2-cpe:2.3:h:schneider-electric:rack_power_distribution_unit_with_network_management_card_2:-:*:*:*:*:*:*:*
schneider-electricrack_power_distribution_unit_with_network_management_card_3_firmware*cpe:2.3:o:schneider-electric:rack_power_distribution_unit_with_network_management_card_3_firmware:*:*:*:*:*:*:*:*
schneider-electricrack_power_distribution_unit_with_network_management_card_3-cpe:2.3:h:schneider-electric:rack_power_distribution_unit_with_network_management_card_3:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	rack_power_distribution_unit_with_network_management_card_2_firmware	*	cpe:2.3:o:schneider-electric:rack_power_distribution_unit_with_network_management_card_2_firmware::::::::
schneider-electric	rack_power_distribution_unit_with_network_management_card_2	-	cpe:2.3:h:schneider-electric:rack_power_distribution_unit_with_network_management_card_2:-:::::::*
schneider-electric	rack_power_distribution_unit_with_network_management_card_3_firmware	*	cpe:2.3:o:schneider-electric:rack_power_distribution_unit_with_network_management_card_3_firmware::::::::
schneider-electric	rack_power_distribution_unit_with_network_management_card_3	-	cpe:2.3:h:schneider-electric:rack_power_distribution_unit_with_network_management_card_3:-:::::::*

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-04

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

42.8%

JSON

Related for NVD:CVE-2021-22825

cvelist1 ics1 prion1 cve1