CVE-2021-22811

Published: 28 Jan. 2022
Source: nvd
CVSS3: 6.1
CVSS2: 4.3
EPSS: Low

Description

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NM

Vulnerable configurations

Configuration 1

All of

cpe:2.3:o:schneider-electric:network_management_card_2_firmware:*:*:*:*:*:*:*:*
Version up to 6.9.8 (inclusive)

One of

cpe:2.3:h:schneider-electric:galaxy_3500:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:network_management_card_2:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:single-phase_symmetra:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:smart-ups:-:*:*:*:*:*:*:*

Configuration 2

All of

cpe:2.3:o:schneider-electric:network_management_card_2_firmware:*:*:*:*:*:*:*:*
Version up to 6.9.6 (inclusive)

One of

cpe:2.3:h:schneider-electric:ap9922_battery_management_system:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:apc_rack_power_distribution_units:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:galaxy_g7x:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:galaxy_g9kchu:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:galaxy_gcxsa:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:galaxy_gfc:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:galaxy_gvmsa:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:galaxy_gvmts:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:galaxy_gvxts:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:galaxy_rpp_grppip2x84:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:gutor_gvx:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:gutor_sxw:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:netbotz_nbrk0250:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:network_management_card_2:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pd40e5ek20-m:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pd40f6fk1-m:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pd40g6fk1-m:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pd40h5ek20-m:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pd40l6fk1-m:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pd60f6fk1:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pd60g6fk1:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pd60l6fk1:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pdpb150g6f:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pdpm138h-5u:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pdpm138h-r:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pdpm144f:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pdpm150g6f:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pdpm150l6f:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pdpm175g6h:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pdpm277h:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pdpm288g6h:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pdpm72f-5u:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pdrppnx10:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pdrppnx10m:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pmm400-ala:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pmm400-alax:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pmm400-cub:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pmm500-ala:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pmm500-alax:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pmm500-cub:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:rack_automatic_transfer_switches:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:symmetra_px_100:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:symmetra_px_160:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:symmetra_px_20:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:symmetra_px_250:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:symmetra_px_40:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:symmetra_px_48:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:symmetra_px_500:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:symmetra_px_96:-:*:*:*:*:*:*:*

Configuration 3

All of

cpe:2.3:o:schneider-electric:network_management_card_3_firmware:*:*:*:*:*:*:*:*
Version up to 1.4.2.1 (inclusive)

One of

cpe:2.3:h:schneider-electric:galaxy_3500:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:network_management_card_3:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:single-phase_symmetra:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:smart-ups:-:*:*:*:*:*:*:*

Configuration 4

All of

cpe:2.3:o:schneider-electric:network_management_card_3_firmware:*:*:*:*:*:*:*:*
Version up to 1.4.0 (inclusive)

One of

cpe:2.3:h:schneider-electric:apc_rack_power_distribution_units:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:network_management_card_3:-:*:*:*:*:*:*:*

EPSS

Percentile: 74%
0.00815
Low

CVSS3: 6.1 Medium

CVSS2: 4.3 Medium

Weaknesses

CWE-79

Related vulnerabilities

github
about 4 years ago

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH ...
