CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 0CVE-2021-22815
https://notcve.org/view.php?id=CVE-2021-22815
28 Jan 2022 — A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/A... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 0CVE-2021-22814
https://notcve.org/view.php?id=CVE-2021-22814
28 Jan 2022 — A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using N... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 0CVE-2021-22813
https://notcve.org/view.php?id=CVE-2021-22813
28 Jan 2022 — A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 0CVE-2021-22812
https://notcve.org/view.php?id=CVE-2021-22812
28 Jan 2022 — A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Un... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 0CVE-2021-22811
https://notcve.org/view.php?id=CVE-2021-22811
28 Jan 2022 — A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterr... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 0CVE-2021-22810
https://notcve.org/view.php?id=CVE-2021-22810
28 Jan 2022 — A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AO... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22809
https://notcve.org/view.php?id=CVE-2021-22809
28 Jan 2022 — A CWE-125:Out-of-Bounds Read vulnerability exists that could cause unintended data disclosure when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior Una CWE-125: Se presenta una vulnerabilidad de Lectura Fuera De Límites que podría causar una divulgación involuntaria de datos cuando es cargado un archivo de configuración *.gd1 malicioso en la herramienta GUIcon. Producto afectado: Eurotherm by S... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-07 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22808
https://notcve.org/view.php?id=CVE-2021-22808
28 Jan 2022 — A CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior Una CWE-416: Se presenta una vulnerabilidad de Uso de Memoria previamente Liberada que podría causar una ejecución de código arbitrario cuando es cargado un archivo de configuración *.gd1 malicioso en la herramienta GUIcon. Producto afectado: Eurotherm b... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-07 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22807
https://notcve.org/view.php?id=CVE-2021-22807
28 Jan 2022 — A CWE-787: Out-of-bounds Write vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior Una CWE-787: Se presenta una vulnerabilidad de escritura fuera de límites que podría causar una ejecución de código arbitrario cuando es cargado un archivo de configuración *.gd1 malicioso en la herramienta GUIcon. Producto afectado: Eurotherm by Sc... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-07 • CWE-787: Out-of-bounds Write •
CVSS: 3.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22799
https://notcve.org/view.php?id=CVE-2021-22799
28 Jan 2022 — A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1 Una CWE-331: Se presenta una vulnerabilidad de Entropía Insuficiente que podría causar una conexión no intencionada desde una red interna a una red externa cuando un atacante consigue descifrar la contraseña del proxy... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-02 • CWE-331: Insufficient Entropy •