4 matches found
CVE-2021-22794
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert V7.8.1 and prior...
CVE-2021-22794
creationtimestamp| type| source ---|---|--- 2022-04-13 20:18:09+00:00| seen| https://t.me/cibsecurity/40731...
CVE-2021-22794
CVE-2021-22794 is a path traversal vulnerability in Schneider Electric’s StruxureWare Data Center Expert (versions 7.8.1 and prior). The issue arises from improper validation of user-supplied input in path handling, enabling remote code execution over the network with no authentication required a...
Schneider Electric Struxureware Data Center Expert
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Struxureware Data Center Expert Vulnerabilities: OS Command Injection, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote...