Vulnerabilities > CVE-2021-22720 - Unspecified vulnerability in Schneider-Electric C-Bus Toolkit 1.15.7
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring a project.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01
- https://www.tenable.com/security/research/tra-2021-50
- https://www.tenable.com/security/research/tra-2021-50
- https://www.zerodayinitiative.com/advisories/ZDI-21-450/
- https://www.zerodayinitiative.com/advisories/ZDI-21-450/