CVE-2021-22793

Published: Sep 2, 2021Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exist in AccuSine PCS+ / PFV+ (Versions prior to V1.6.7) and AccuSine PCSn (Versions prior to V2.2.4) that could allow an authenticated attacker to access the device via FTP protocol.

Affected (2)

Products: Schneider Electric: Accusine Pcsp Pfvp Firmware, Accusine Pcsn Active Harmonic Filter Firmware

Schneider Electric

2 products

Accusine Pcsp Pfvp Firmware

Accusine Pcsn Active Harmonic Filter Firmware

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Schneider Electric Accusine Pcsp Pfvp Firmware	Before 001.006.007

Running on/with	Platform Versions
Schneider Electric Accusine Pcs+	All versions
Schneider Electric Accusine Pfv+	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Accusine Pcsn Active Harmonic Filter Firmware	Before 002.002.004

Running on/with	Platform Versions
Schneider Electric Accusine Pcsn	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (3)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01

Source: cybersecurity@se.com

Not Applicable

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05

Source: nvd@nist.gov

PatchVendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

Timeline

No history available yet.