exploitDog

CVE-2021-22799

Опубликовано: 28 янв. 2022

Источник: nvd

CVSS3: 3.8

CVSS2: 2.1

EPSS Низкий

Описание

A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1

Ссылки

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-02
Patch
Vendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-02
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:schneider-electric:software_update:*:*:*:*:*:*:*:*

Версия от 2.3.0 (включая) до 2.5.2 (исключая)

EPSS

Процентиль: 17%

0.00054

Низкий

3.8 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-331

Связанные уязвимости

GHSA-h572-23qr-5763

github

около 4 лет назад

A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1

EPSS

Процентиль: 17%

0.00054

Низкий

3.8 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-331