CVE-2021-22803

{"id": "CVE-2021-22803", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-02-11T18:15:09.353", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03", "tags": ["Patch", "Vendor Advisory"], "source": "cybersecurity@se.com"}, {"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)"}, {"lang": "es", "value": "Una CWE-434: Se presenta una vulnerabilidad de Carga no Restringida de Archivos con Tipo Peligroso que podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo remota mediante una serie de rutas, cuando un atacante, escribe archivos arbitrarios en carpetas en el contexto del m\u00f3dulo DC, mediante el env\u00edo de mensajes construidos en la red. Producto afectado: Interactive Graphical SCADA System Data Collector (dc.exe) (versiones V15.0.0.21243 y anteriores)"}], "lastModified": "2024-11-21T05:50:42.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:interactive_graphical_scada_system_data_collector:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43B54FDD-0C25-407A-837F-10F321D3F8A1", "versionEndIncluding": "15.0.0.21243"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@se.com"}