CVE-2021-22795

CWE-78 — OS Command Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

3.2%

top 13.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Struxureware Data Center Expert Schneider-electric Struxureware Data Center Expert

Timeline

PublishedApr 13

Latest updateApr 14

Description

A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5schneider_electric/struxureware_data_center_expertunspecified — V7.8.1

▶NVDschneider-electric/struxureware_data_center_expert7.8.1

🔴Vulnerability Details

GHSA

GHSA-9pc8-6crf-r3rv: A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code↗2022-04-14

▶

CVEList

CVE-2021-22795: A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code↗2022-03-28

▶