Main Vulnerability Database SB2021101501

SB2021101501 - Improper Privilege Management in Schneider Electric CNM

Published: October 15, 2021

Security Bulletin ID SB2021101501

CSH Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper Privilege Management (CVE-ID: CVE-2021-22801)

CWE-ID: CWE-269 - Improper Privilege Management

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to escalate privileges.

The vulnerability exists due to improper privilege management. A remote attacker can execute arbitrary commands when the software is configured with specially crafted event actions.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://ics-cert.us-cert.gov/advisories/icsa-21-287-01
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-02