nvd-json-data-feeds/CVE-2021/CVE-2021-226xx/CVE-2021-22698.json

{
  "id": "CVE-2021-22698",
  "sourceIdentifier": "cybersecurity@se.com",
  "published": "2021-01-26T18:16:18.927",
  "lastModified": "2022-01-31T19:33:27.337",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed."
    },
    {
      "lang": "es",
      "value": "CWE-434: Se presenta una vulnerabilidad de Carga Sin Restricciones de Archivo con Tipo Peligroso en el software EcoStruxure Power Build - Rapsody (versiones V2.1.13 y anteriores) que podr\u00eda permitir que ocurra un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria que podr\u00eda resultar en una ejecuci\u00f3n de c\u00f3digo remota cuando un archivo SSD es cargado y analizado inapropiadamente"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cybersecurity@se.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_build_-_rapsody:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "2.1.13",
              "matchCriteriaId": "E458DE1E-6488-4F4A-BD96-7E46DA716BC5"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-01",
      "source": "cybersecurity@se.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ]
    },
    {
      "url": "https://www.se.com/ww/en/download/document/SEVD-2021-012-02/",
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-187/",
      "source": "cybersecurity@se.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    }
  ]
}