CVE-2021-22697

Name of the Vulnerable Software and Affected Versions: EcoStruxure Power Build - Rapsody versions V2.1.13 and prior

Description: A vulnerability exists in the EcoStruxure Power Build - Rapsody software that could allow a use-after-free condition, resulting in remote code execution when a malicious SSD file is uploaded and improperly parsed. This issue is related to the unrestricted upload of files with dangerous types. The exploitation of this vulnerability may allow an attacker to execute arbitrary code.

Recommendations: For versions V2.1.13 and prior, consider disabling the SSD file upload feature until a patch is available to prevent remote code execution. Restrict access to the SSD file parsing module to minimize the risk of exploitation. Avoid using the SSD file upload functionality in the affected software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.