Описание
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism.
Ссылки
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 1.7 (включая)Версия до 1.7 (включая)
Одновременно
cpe:2.3:h:schneider-electric:struxureware_building_operations_automation_server_as:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:struxureware_building_operations_automation_server_as_firmware:*:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:h:schneider-electric:struxureware_building_operations_automation_server_as-p:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:struxureware_building_operations_automation_server_as-p_firmware:1.7:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.15868
Средний
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism.
EPSS
Процентиль: 95%
0.15868
Средний
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-284