CVE-2021-22731
CVSS score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior which could cause an unauthorized password change through HTTP / HTTPS when basic user information is known by a remote attacker.
Affected (16)
Products: Schneider Electric: Mcsesp083f23g0 Firmware, Mcsesp083f23g0t Firmware, Mcsesm043f23f0 Firmware, Mcsesm053f1cu0 Firmware, Mcsesm063f2cu0 Firmware, Mcsesm053f1cs0 Firmware, Mcsesm063f2cs0 Firmware, Mcsesm083f23f0 Firmware, Mcsesm103f2cu0 Firmware, Mcsesm083f23f0h Firmware, Mcsesm103f2cu0h Firmware, Mcsesm103f2cs0h Firmware, Mcsesm123f2lg0 Firmware, Mcsesm093f1cu0 Firmware, Mcsesm093f1cs0 Firmware, Mcsesm103f2cs0 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 8.22 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Mcsesp083f23g0 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 8.22 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Mcsesp083f23g0t | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 8.22 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Mcsesm043f23f0 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 8.22 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Mcsesm053f1cu0 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 8.22 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Mcsesm063f2cu0 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 8.22 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Mcsesm053f1cs0 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 8.22 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Mcsesm063f2cs0 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 8.22 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Mcsesm083f23f0 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 8.22 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Mcsesm103f2cu0 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 8.22 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Mcsesm083f23f0h | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 8.22 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Mcsesm103f2cu0h | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 8.22 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Mcsesm103f2cs0h | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 8.22 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Mcsesm123f2lg0 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 8.22 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Mcsesm093f1cu0 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 8.22 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Mcsesm093f1cs0 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 8.22 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Mcsesm103f2cs0 | All versions |
References (2)
Source: cybersecurity@se.com
Patch, Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch, Vendor Advisory