1.15.8

CVSS 5.7 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

schneider-electric

NVD

Published: 2021-07-21

Updated: 2024-11-21

Summary

A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system.

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric C BUS Toolkit - Schneider Electric C BUS Toolkit 1.15.7 Schneider Electric C BUS Toolkit 1.15.8	3

References

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-04
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-04
https://www.tenable.com/security/research/tra-2021-50
https://www.tenable.com/security/research/tra-2021-50