CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-22797

HIGH
7.8
CVSS Severity Score
EPSS Score0.0240%
EPSS Percentile14.19th
Published2022年4月13日
Last Modified2024年11月21日

Vulnerability Description

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)

Affected Platforms (CPE)

📦
Schneider Electric

Ecostruxure Control Expert

< 15.1
📦
Schneider Electric

Ecostruxure Process Expert

< 2021
📦
Schneider Electric

Remoteconnect

All versions

References & Advisories

🔗 https://www.se.com/ww/en/download/document/SEVD-2021-257-01/
🔗 https://www.se.com/ww/en/download/document/SEVD-2021-257-01/

相關漏洞威脅

CVE-2020-74759.8

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vuln...

CVE-2020-74899.8

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists ...

CVE-2021-227799.1

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including a...

CVE-2020-75608.6

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former nam...