CVE-2021-22720
published 2021-04-13CVE-2021-22720: A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could…
PriorityP358high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
30.53%
98.0th percentile
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring a project.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | c-bus_toolkit | <= 1.15.7 | — |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mrjp-wxf4-27w7: A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1
ghsa_unreviewed·2022-05-24
CVE-2021-22720 [CRITICAL] CWE-22 GHSA-mrjp-wxf4-27w7: A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring a project.
CISA ICS
Schneider Electric C-Bus Toolkit
cisa_ics·2021-04-15·CVSS 7.8
[HIGH] Schneider Electric C-Bus Toolkit
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Schneider Electric C-Bus Toolkit
Last RevisedApril 15, 2021
Alert CodeICSA-21-105-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Schneider Electric
- Equipment: C-Bus Toolkit
- Vulnerabilities: Improper Privilege Management, Path Traversal
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of C-Bus Toolkit are affected:
- C-Bus Toolkit v1.15.7 and prior
## 3.2 VULNERABILITY OVERVIEW
##
No detection rules found.
No public exploits indexed.
Tenable
Schneider Electric C-Gate Multiple Vulnerabilities
blogs_tenable·2021-11-16
Schneider Electric C-Gate Multiple Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
HackerOne
Pause-based desync in Apache HTTPD
hackerone·2022-08-25·CVSS 9.8
[CRITICAL] Pause-based desync in Apache HTTPD
Pause-based desync in Apache HTTPD
Apache was vulnerable to a pause-based desync. This vulnerability is described in detail in my whitepaper here: https://portswigger.net/research/browser-powered-desync-attacks#pause
## Impact
This enables server-side HTTP Request Smuggling when Apache is deployed as a back-end server, and it also enables MITM attackers to inject arbitrary JavaScript in spite of TLS.
important: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier (CVE-2022-22720)
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
Acknowledgements: James Kettle
Reported to security team: 2021-12-17
fixed by r1898692 in 2.4.x: 2022-03-07
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01https://www.tenable.com/security/research/tra-2021-50https://www.zerodayinitiative.com/advisories/ZDI-21-450/https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01https://www.tenable.com/security/research/tra-2021-50https://www.zerodayinitiative.com/advisories/ZDI-21-450/
2021-04-13
Published