Code injection

2022-01-2820:15:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token. Affected Products: AP7xxxx and AP8xxx with NMC2 (V6.9.6 or earlier), AP7xxx and AP8xxx with NMC3 (V1.1.0.3 or earlier), and APDU9xxx with NMC3 (V1.0.0.28 or earlier)

CPENameOperatorVersion
rack_power_distribution_unit_with_network_management_card_2_firmwarelt7.0.6
rack_power_distribution_unit_with_network_management_card_3_firmwarelt1.2.0.2

CPE	Name	Operator	Version
	rack_power_distribution_unit_with_network_management_card_2_firmware	lt	7.0.6
	rack_power_distribution_unit_with_network_management_card_3_firmware	lt	1.2.0.2

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-04