Schneider-Electric C-Bus Toolkit vulnerabilities

8 known vulnerabilities affecting schneider-electric/c-bus_toolkit.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 1

Vulnerabilities

CVE-2023-5402 | CRITICAL | CVSS 9.8 | ≤ 1.16.3 | 2023-10-04
A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network.
Source: nvd

CVE-2021-22748 | HIGH | CVSS 8.8 | ≤ 1.15.9 | 2022-02-11
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)
Source: nvd

CVE-2021-22784 | MEDIUM | CVSS 5.7 | fixed in 1.15.9 | 2021-07-21
A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system.
Source: nvd

CVE-2021-22718 | HIGH | CVSS 7.8 | ≤ 1.15.7 | 2021-04-13
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring project files.
Source: nvd

CVE-2021-22717 | HIGH | CVSS 8.8 | ≤ 1.15.7 | 2021-04-13
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when processing config files.
Source: nvd

CVE-2021-22720 | HIGH | CVSS 7.2 | ≤ 1.15.7 | 2021-04-13
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring a project.
Source: nvd

CVE-2021-22719 | HIGH | CVSS 8.8 | ≤ 1.15.7 | 2021-04-13
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when a file is uploaded.
Source: nvd

CVE-2021-22716 | HIGH | CVSS 7.8 | ≤ 1.15.7 | 2021-04-13
A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could allow remote code execution when an unprivileged user modifies a file. Affected Product: C-Bus Toolkit (V1.15.9 and prior)
Source: nvd