CVE-2021-22799

Published: Jan 28, 2022Modified: Nov 21, 2024

3.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Exploitability: 2.0 / Impact: 1.4

Source: NVD

Description

A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1

Affected (1)

Products: Schneider Electric: Software Update

Schneider Electric

1 product

Software Update

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Software Update	From 2.3.0 to 2.5.2

Related CWEs

Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-02

Source: cybersecurity@se.com

PatchVendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-02

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.