PT-2021-15216 · Schneider Electric · Struxureware Data Center Expert

Published

2021-09-15

Updated

2022-04-20

CVE-2021-22795

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions StruxureWare Data Center Expert versions prior to 7.8.1

Description A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network.

Recommendations For versions prior to 7.8.1, update to a version later than 7.8.1 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-22795

ZDI-21-1072

Affected Products

Struxureware Data Center Expert

PT-2021-15216 · Schneider Electric · Struxureware Data Center Expert

CVE-2021-22795

Weakness Enumeration

Related Identifiers

Affected Products

References · 5