Vulnerabilities > CVE-2021-22697 - Unspecified vulnerability in Schneider-Electric Ecostruxure Power Build - Rapsody 2.1.13
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
References
- https://us-cert.cisa.gov/ics/advisories/icsa-21-012-01
- https://us-cert.cisa.gov/ics/advisories/icsa-21-012-01
- https://www.se.com/ww/en/download/document/SEVD-2021-012-02/
- https://www.se.com/ww/en/download/document/SEVD-2021-012-02/
- https://www.zerodayinitiative.com/advisories/ZDI-21-186/
- https://www.zerodayinitiative.com/advisories/ZDI-21-186/