{ "id": "CVE-2021-22795", "sourceIdentifier": "cybersecurity@se.com", "published": "2022-04-13T16:15:09.313", "lastModified": "2024-11-21T05:50:41.180", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)" }, { "lang": "es", "value": "Una CWE-78: Se presenta una vulnerabilidad de Neutralizaci\u00f3n Inapropiada de Elementos Especiales Usados en un Comando del Sistema Operativo (\" Inyecci\u00f3n de Comandos del Sistema Operativo\") que podr\u00eda causar una ejecuci\u00f3n de c\u00f3digo remota cuando es llevado a cabo a trav\u00e9s de la red. Producto afectado: StruxureWare Data Center Expert (versiones V7.8.1 y anteriores)" } ], "metrics": { "cvssMetricV31": [ { "source": "cybersecurity@se.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.3, "impactScore": 6.0 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL" }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "cybersecurity@se.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-78" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*", "versionEndIncluding": "7.8.1", "matchCriteriaId": "D7773EA4-29BE-4527-A5E6-5271C15D8F60" } ] } ] } ], "references": [ { "url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/", "source": "cybersecurity@se.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] } ] }