CVE-2021-22795 CRITICAL

CVE-2021-22795

Vendor Schneider Electric

Product StruxureWare Data Center Expert

Weakness CWE-78

Published March 28, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

9.1/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)

Key dates

02Disclosure timeline

March 28, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-22795

Related vulnerabilities

Identifiers

CVE CVE-2021-22795

CWE CWE-78

CVSS 9.1 / CRITICAL

Affected versions