CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-22705
https://notcve.org/view.php?id=CVE-2021-22705
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert Se presenta una vulnerabilidad de Restricción Inapropiada de Operaciones dentro de los límites de un búfer de la memoria, que podría causar una denegación de servicio o acceso no autorizado a la información del sistema interactuando directamente con un controlador instalado por Vijeo Designer o EcoStruxure Machine Expert • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22699
https://notcve.org/view.php?id=CVE-2021-22699
Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP. Se presenta una vulnerabilidad de Comprobación Inapropiada de Entrada en los controladores lógicos Modicon M241/M251 versiones del firmware anteriores a V5.1.9.1, que podría causar una denegación de servicio cuando peticiones específicas diseñadas son enviadas al controlador a través de HTTP • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-05 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22737
https://notcve.org/view.php?id=CVE-2021-22737
Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brute force attack. Se presenta una vulnerabilidad de Credenciales Insuficientemente Protegidas en homeLYnk (Wiser For KNX) y spaceLYnk versiones V2.60 y anteriores, que podría causar un acceso no autorizado cuando se descubren las credenciales después de un ataque de fuerza bruta • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.2EPSS: 44%CPEs: 1EXPL: 1CVE-2021-22720 – Schneider Electric C-Bus Toolkit PROJECT RESTORE Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-22720
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring a project. Una CWE-22: Se presenta una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta para un Directorio Restringido ("Path Traversal") en C-Bus Toolkit (versiones V1.15.7 y anteriores) que podría permitir una ejecución de código remota al restaurar un proyecto This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric C-Bus Toolkit. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processing of commands sent to the C-Gate 2 Service. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01 https://www.tenable.com/security/research/tra-2021-50 https://www.zerodayinitiative.com/advisories/ZDI-21-450 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 5%CPEs: 1EXPL: 0CVE-2021-22719 – Schneider Electric C-Bus Toolkit FILE UPLOAD Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22719
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when a file is uploaded. Una CWE-22: Se presenta una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta para un Directorio Restringido ("Path Traversal") en C-Bus Toolkit (versiones V1.15.7 y anteriores) que podría permitir una ejecución de código remota cuando se carga un archivo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processing of commands sent to the C-Gate 2 Service. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01 https://www.zerodayinitiative.com/advisories/ZDI-21-449 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •