CVE-2021-22825
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token. Affected Products: AP7xxxx and AP8xxx with NMC2 (V6.9.6 or earlier), AP7xxx and AP8xxx with NMC3 (V1.1.0.3 or earlier), and APDU9xxx with NMC3 (V1.0.0.28 or earlier)
Una CWE-200: Se presenta una vulnerabilidad de Exposición de Información confidencial a un Actor no Autorizado que podría permitir a un atacante acceder al sistema con privilegios elevados cuando una cuenta privilegiada hace clic en una URL maliciosa que compromete el token de seguridad. Productos afectados: AP7xxxx y AP8xxx con NMC2 (V6.9.6 o anterior), AP7xxx y AP8xxx con NMC3 (versiones V1.1.0.3 o anteriores), y APDU9xxx con NMC3 (versiones V1.0.0.28 o anteriores)
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-06 CVE Reserved
- 2022-01-28 CVE Published
- 2023-08-21 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-04 | 2022-02-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Schneider-electric Search vendor "Schneider-electric" | Rack Power Distribution Unit With Network Management Card 2 Firmware Search vendor "Schneider-electric" for product "Rack Power Distribution Unit With Network Management Card 2 Firmware" | < 7.0.6 Search vendor "Schneider-electric" for product "Rack Power Distribution Unit With Network Management Card 2 Firmware" and version " < 7.0.6" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Rack Power Distribution Unit With Network Management Card 2 Search vendor "Schneider-electric" for product "Rack Power Distribution Unit With Network Management Card 2" | - | - |
Safe
|
Schneider-electric Search vendor "Schneider-electric" | Rack Power Distribution Unit With Network Management Card 3 Firmware Search vendor "Schneider-electric" for product "Rack Power Distribution Unit With Network Management Card 3 Firmware" | < 1.2.0.2 Search vendor "Schneider-electric" for product "Rack Power Distribution Unit With Network Management Card 3 Firmware" and version " < 1.2.0.2" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Rack Power Distribution Unit With Network Management Card 3 Search vendor "Schneider-electric" for product "Rack Power Distribution Unit With Network Management Card 3" | - | - |
Safe
|