CVE-2021-22718 – Schneider Electric C-Bus Toolkit CBZ File Parsing Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22718
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring project files. Una CWE-22: se presenta una vulnerabilidad Limitación Inapropiada de un Nombre de Ruta para un Directorio Restringido ("Path Traversal") en C-Bus Toolkit (versiones V1.15.7 y anteriores) que podría permitir una ejecución de código remota al restaurar archivos de proyecto This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CBZ files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01 https://www.zerodayinitiative.com/advisories/ZDI-21-448 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-22717 – Schneider Electric C-Bus Toolkit ACCESS SAVE Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22717
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when processing config files. Una CWE-22: Se presenta una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta para un Directorio Restringido ("Path Traversal") en C-Bus Toolkit (versiones V1.15.7 y anteriores) que podría permitir una ejecución de código remota al procesar archivos de configuración This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processing of commands sent to the C-Gate 2 Service. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01 https://www.zerodayinitiative.com/advisories/ZDI-21-447 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-22716 – Schneider Electric C-Bus Toolkit Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-22716
A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could allow remote code execution when an unprivileged user modifies a file. Affected Product: C-Bus Toolkit (V1.15.9 and prior) Una CWE-732: Asignación incorrecta de permisos para recursos críticos que podría permitir la ejecución remota de código cuando un usuario sin privilegios modifica un archivo. Producto afectado: C-Bus Toolkit (V1.15.9 y anteriores) This vulnerability allows local attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions set on product folders created by the installer. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-103-01_C-Bus_Toolkit_C-Gate_Server_Security_Notification.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-105-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-22713
https://notcve.org/view.php?id=CVE-2021-22713
A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notifcation for affected versions), which could cause the meter to reboot. A CWE-119: se presenta vulnerabilidad de Restricción Inapropiada de Operaciones dentro de los Límites de un Búfer de la Memoria en PowerLogic ION8650, ION8800, ION7650, ION7700 /73xx e ION83xx /84xx/85xx /8600 (consulte la notificación de seguridad para las versiones afectadas), lo que podría causar al medidor reiniciarse • https://www.se.com/ww/en/download/document/SEVD-2021-068-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2021-22714
https://notcve.org/view.php?id=CVE-2021-22714
A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution. A CWE-119: se presenta una vulnerabilidad de Restricción Inapropiada de Operaciones dentro de los Límites de un Búfer de la Memoria en PowerLogic ION7400, PM8000 e ION9000 (todas las versiones anteriores a V3.0.0), lo que podría causar al medidor reiniciarse o permitir una ejecución de código remota • https://www.se.com/ww/en/download/document/SEVD-2021-068-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •