Vulnerabilities > CVE-2021-22793 - Unspecified vulnerability in Schneider-Electric products

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

schneider-electric

NVD

Published: 2021-09-02

Updated: 2024-11-21

Summary

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exist in AccuSine PCS+ / PFV+ (Versions prior to V1.6.7) and AccuSine PCSn (Versions prior to V2.2.4) that could allow an authenticated attacker to access the device via FTP protocol.

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Accusine Pcsp Pfvp Firmware * Schneider Electric Accusine Pcsn Active Harmonic Filter Firmware *	2
Hardware	Schneider-Electric Schneider Electric Accusine Pcs+ - Schneider Electric Accusine Pfv+ - Schneider Electric Accusine Pcsn -	3

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01