CVE-2023-5402 – Schneider Electric C-Bus Toolkit TransferCommand Exposed Dangerous Method Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-5402
A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network. CWE-269: Existe una vulnerabilidad de gestión de privilegios inadecuada, que podría provocar una ejecución remota de código cuando se utiliza el comando de transferencia a través de la red. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TransferCommand command. The issue results from an exposed dangerous method. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-283-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-283-01.pdf • CWE-269: Improper Privilege Management •
CVE-2021-22748 – Schneider Electric C-Bus Toolkit CONFIG SAVE Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22748
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior) Una CWE-22: Se presenta una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido ("Path Traversal") que podría permitir una ejecución de código remota cuando es guardado un archivo. Producto afectado: C-Bus Toolkit (versiones V1.15.9 y anteriores), C-Gate Server (versiones V2.11.7 y anteriores) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processing of commands sent to the C-Gate 2 Service. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-22784 – Schneider Electric C-Bus Toolkit Missing Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2021-22784
A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system. A CWE-306: Se presenta una vulnerabilidad de Falta de Autentificación para una Función Crítica en C-Bus Toolkit versiones v1.15.8 y anteriores, que podría permitir a un atacante usar una página web diseñada para obtener acceso remoto al sistema This vulnerability allows remote attackers to bypass authentication on affected installations of Schneider Electric C-Bus Toolkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the C-Gate 2 Service, which listens on TCP port 20023. A crafted webpage can be used to enable remote access. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-04 https://www.tenable.com/security/research/tra-2021-50 • CWE-306: Missing Authentication for Critical Function •
CVE-2021-22720 – Schneider Electric C-Bus Toolkit PROJECT RESTORE Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-22720
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring a project. Una CWE-22: Se presenta una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta para un Directorio Restringido ("Path Traversal") en C-Bus Toolkit (versiones V1.15.7 y anteriores) que podría permitir una ejecución de código remota al restaurar un proyecto This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric C-Bus Toolkit. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processing of commands sent to the C-Gate 2 Service. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01 https://www.tenable.com/security/research/tra-2021-50 https://www.zerodayinitiative.com/advisories/ZDI-21-450 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-22719 – Schneider Electric C-Bus Toolkit FILE UPLOAD Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22719
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when a file is uploaded. Una CWE-22: Se presenta una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta para un Directorio Restringido ("Path Traversal") en C-Bus Toolkit (versiones V1.15.7 y anteriores) que podría permitir una ejecución de código remota cuando se carga un archivo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processing of commands sent to the C-Gate 2 Service. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01 https://www.zerodayinitiative.com/advisories/ZDI-21-449 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •