Improper Neutralization of Formula Elements in Schneider Electric's Easergy T300
CVE-2021-22771

7.3 HIGH

Key Information:

Vendor
CVE Published: 21 July 2021

Summary

A vulnerability exists in Schneider Electric's Easergy T300 with firmware versions V2.7.1 and older. The firmware does not properly neutralize formula elements in CSV files, which can be exploited to execute arbitrary commands on the affected devices. Attackers could potentially manipulate CSV files to perform unintended actions, posing a serious security risk. Users of the Easergy T300 should check their firmware versions and apply the necessary updates to mitigate this vulnerability.

Affected Version(s)

Easergy T300 with firmware V2.7.1 and older

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
