CVSS2: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.345 Low
Percentile: 97.1%
The Schneider Electric C-Gate running on the remote host is affected by multiple vulnerabilities:

- A path traversal vulnerability exists within the processing of commands sent to the C-Gate server. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An authenticated, remote attacker can leverage this vulnerability to execute code in the context of SYSTEM. (CVE-2021-22717)
- A path traversal vulnerability exists within the processing of commands sent to the C-Gate server. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An authenticated, remote attacker can leverage this vulnerability to execute code in the context of SYSTEM. (CVE-2021-22719)
- A path traversal vulnerability exists within the processing of commands sent to the C-Gate server. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An authenticated, remote attacker can leverage this vulnerability to disclose information in the context of SYSTEM. (CVE-2021-22720)
Note that Nessus has not tested for the issue but has instead relied only on the application’s self-reported version number.
Binary data schneider_electric_cgate_icsa-21-105-01.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
schneider-electric | c-gate | | x-cpe:/a:schneider-electric:c-gate |