CVE-2021-22698

Опубликовано: 26 янв. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.

Ссылки

https://us-cert.cisa.gov/ics/advisories/icsa-21-012-01
Third Party Advisory
US Government Resource
https://www.se.com/ww/en/download/document/SEVD-2021-012-02/
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-187/
Third Party Advisory
VDB Entry
https://us-cert.cisa.gov/ics/advisories/icsa-21-012-01
Third Party Advisory
US Government Resource
https://www.se.com/ww/en/download/document/SEVD-2021-012-02/
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-187/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:schneider-electric:ecostruxure_power_build_-_rapsody:*:*:*:*:*:*:*:*

Версия до 2.1.13 (включая)

EPSS

Процентиль: 80%

0.01384

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-2fr7-wcm8-348v

github

больше 3 лет назад

BDU:2021-01109