Lucene search

SchneiderCVELIST:CVE-2021-22716

HistoryApr 13, 2021 - 6:31 p.m.

CVE-2021-22716

2021-04-1318:31:18

CWE-732

schneider

www.cve.org

cve-2021-22716

cwe-732

remote code execution

unprivileged user

file modification

c-bus toolkit

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

41.5%

JSON

A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could allow remote code execution when an unprivileged user modifies a file. Affected Product: C-Bus Toolkit (V1.15.9 and prior)

CNA Affected

[
  {
    "vendor": "Schneider Electric",
    "product": "C-Bus Toolkit",
    "versions": [
      {
        "version": "V",
        "status": "affected",
        "lessThan": "1.15.9",
        "versionType": "custom"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-103-01_C-Bus_Toolkit_C-Gate_Server_Security_Notification.pdf

us-cert.cisa.gov/ics/advisories/icsa-21-105-01

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

41.5%

JSON

Related for CVELIST:CVE-2021-22716