PT-2021-15215 · Schneider Electric · Struxureware Data Center Expert

Published

2021-09-15

Updated

2022-04-20

CVE-2021-22794

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions StruxureWare Data Center Expert versions prior to 7.8.1

Description A Path Traversal vulnerability exists that could cause remote code execution. This issue is related to improper limitation of a pathname to a restricted directory.

Recommendations For versions prior to 7.8.1, update to a version later than 7.8.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive directories to minimize the risk of exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2021-22794

ZDI-21-1071

Affected Products

Struxureware Data Center Expert

PT-2021-15215 · Schneider Electric · Struxureware Data Center Expert

CVE-2021-22794

Weakness Enumeration

Related Identifiers

Affected Products

References · 5