Path Traversal Vulnerability in StruxureWare Data Center Expert by Schneider Electric
CVE-2021-22794

9.1CRITICAL

Key Information:

Vendor: Schneider Electric
Status: Struxureware Data Center Expert
Vendor: CVE Published:; 13 April 2022

Summary

A path traversal vulnerability has been identified in StruxureWare Data Center Expert, which allows attackers to manipulate file paths and gain unauthorized access to the system. This flaw can lead to remote code execution, enabling malicious actors to execute arbitrary code on the affected server. Users of StruxureWare Data Center Expert should promptly apply available patches to mitigate the risks associated with this severe security issue.

Affected Version(s)

StruxureWare Data Center Expert < unspecified

References

https://www.se.com/ww/en/download/document/SEVD-2021-257-03/

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 13, 2022
Vulnerability Reserved
Jan 6, 2021