← Back

CVE-2021-22825

nvd nist
Published: Jan 28, 2022Modified: Sep 8, 2025

JSON object

Loading...
8.0
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.1 / Impact: 5.9
Source: NVD

Description

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token. Affected Products: AP7xxxx and AP8xxx with NMC2 (V6.9.6 or earlier), AP7xxx and AP8xxx with NMC3 (V1.1.0.3 or earlier), and APDU9xxx with NMC3 (V1.0.0.28 or earlier)

Affected (2)

Schneider Electric
2 products
Rack Power Distribution Unit With Network Management Card 2 Firmware
Rack Power Distribution Unit With Network Management Card 3 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rack Power Distribution Unit With Network Management Card 2 Firmware
Before 7.0.6
Running on/withPlatform Versions
Schneider Electric
Rack Power Distribution Unit With Network Management Card 2
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rack Power Distribution Unit With Network Management Card 3 Firmware
Before 1.2.0.2
Running on/withPlatform Versions
Schneider Electric
Rack Power Distribution Unit With Network Management Card 3
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

Source: cybersecurity@se.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.