CVE-2021-22826

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.8HIGH

EPSS

0.7%

top 27.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Ecostruxure Power Monitoring Expert

Timeline

PublishedJan 28

Latest updateJul 19

Description

A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure� Power Monitoring Expert 9.0 and prior versions

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDschneider-electric/ecostruxure_power_monitoring_expert9.0

Patches

Patch: download.schneider-electric.com ↗Patch: download.schneider-electric.com ↗

🔴Vulnerability Details

OSV

libxmltok vulnerabilities↗2022-07-19

▶

GHSA

GHSA-3jm6-hp27-2j48: A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected↗2022-01-29

▶

CVEList

CVE-2021-22826: A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected↗2022-01-28

▶