2.7.1

CVSS 7.3 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

schneider-electric

NVD

Published: 2021-07-21

Updated: 2024-11-21

Summary

A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution.

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Easergy T300 Firmware - Schneider Electric Easergy T300 Firmware 1.5.2 Schneider Electric Easergy T300 Firmware 2.7 Schneider Electric Easergy T300 Firmware 2.7.1	4
Hardware	Schneider-Electric Schneider Electric Easergy T300 -	1

References

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02