Cross-site Scripting Vulnerability in Schneider Electric's Network Management Card Products
CVE-2021-22813
6.1 MEDIUM
Key Information:
- Vendor: Schneider Electric
- CVE Published: 28 January 2022
Summary
A cross-site scripting vulnerability exists in Schneider Electric’s Network Management Cards that allows arbitrary scripts to execute when a privileged account clicks on a specially crafted malicious URL targeting an edit policy file, potentially leading to unauthorized actions within the application. Various models of UPS, APC Rack PDUs, cooling products, and network management cards are affected, emphasizing the importance of prompt security assessments and updates.
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved