CVE-2021-22803

Published: Feb 11, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)

Affected (1)

Products: Schneider Electric: Interactive Graphical Scada System Data Collector

Schneider Electric

1 product

Interactive Graphical Scada System Data Collector

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Interactive Graphical Scada System Data Collector	Up to 15.0.0.21243

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03

Source: cybersecurity@se.com

PatchVendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.