Improper Privilege Management Vulnerability in ConneXium Network Manager Software by Schneider Electric
CVE-2021-22801

9.8CRITICAL

Key Information:

Vendor: Schneider Electric
Status: Connexium Network Manager Software (all Versions)
Vendor: CVE Published:; 11 February 2022

Summary

An improper privilege management vulnerability in the ConneXium Network Manager Software could lead to arbitrary command execution if the software is configured with specially manipulated event actions. This flaw allows attackers to exploit vulnerabilities in authorization mechanisms, resulting in unauthorized access and potential system compromise.

Affected Version(s)

ConneXium Network Manager Software (All ) ConneXium Network Manager Software (All Versions)

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2022
Vulnerability Reserved
Jan 6, 2021