Schneider-Electric Network Management Card 3 Firmware vulnerabilities
6 known vulnerabilities affecting schneider-electric/network_management_card_3_firmware.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM6
Vulnerabilities
Page 1 of 1
CVE-2021-22815MEDIUMCVSS 5.3≤ 1.4.2.1≤ 1.4.02022-01-28
CVE-2021-22815 [MEDIUM] CWE-200 CVE-2021-22815: A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive t
A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6
nvd
CVE-2021-22811MEDIUMCVSS 6.1≤ 1.4.2.1≤ 1.4.02022-01-28
CVE-2021-22811 [MEDIUM] CWE-79 CVE-2021-22811: A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulne
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Gal
nvd
CVE-2021-22810MEDIUMCVSS 6.1≤ 1.4.2.1≤ 1.4.02022-01-28
CVE-2021-22810 [MEDIUM] CWE-79 CVE-2021-22810: A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulne
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2
nvd
CVE-2021-22812MEDIUMCVSS 6.1≤ 1.4.2.1≤ 1.4.02022-01-28
CVE-2021-22812 [MEDIUM] CWE-79 CVE-2021-22812: A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulne
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, a
nvd
CVE-2021-22814MEDIUMCVSS 6.1≤ 1.4.2.1≤ 1.4.02022-01-28
CVE-2021-22814 [MEDIUM] CWE-79 CVE-2021-22814: A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulne
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management C
nvd
CVE-2021-22813MEDIUMCVSS 6.1≤ 1.4.2.1≤ 1.4.02022-01-28
CVE-2021-22813 [MEDIUM] CWE-79 CVE-2021-22813: A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulne
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2
nvd