OS Command Injection Vulnerability in StruxureWare Data Center Expert by Schneider Electric
CVE-2021-22795

9.1 CRITICAL

Key Information:

Vendor: Schneider Electric
CVE Published: 13 April 2022

Summary

A vulnerability exists in StruxureWare Data Center Expert that allows for OS command injection, enabling attackers to execute arbitrary commands remotely. This issue arises from inadequate sanitization of input, posing significant risks to the integrity and confidentiality of the managed systems. It is crucial for users of versions V7.8.1 and earlier to assess their exposure and apply necessary patches to mitigate potential threats.

Affected Version(s)

StruxureWare Data Center Expert < unspecified

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
