CVE-2021-22794

CWE-22 — Path Traversal3 documents3 sources

Severity

9.8CRITICAL

EPSS

3.7%

top 12.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Struxureware Data Center Expert Schneider-electric Struxureware Data Center Expert

Timeline

PublishedApr 13

Latest updateApr 14

Description

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5schneider_electric/struxureware_data_center_expertunspecified — V7.8.1

▶NVDschneider-electric/struxureware_data_center_expert7.8.1

🔴Vulnerability Details

GHSA

GHSA-c53q-88xr-x99v: A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution↗2022-04-14

▶

CVEList

CVE-2021-22794: A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution↗2022-03-28

▶