March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple Adobe Security Vulnerabilities
September 15, 2021Rewterz Threat Alert – Donot APT Group – Active IOCs
September 15, 2021Rewterz Threat Advisory – Multiple Adobe Security Vulnerabilities
September 15, 2021Rewterz Threat Alert – Donot APT Group – Active IOCs
September 15, 2021
Severity
High
Analysis Summary
CVE-2021-22794
Schneider Electric StruxureWare Data Center Expert could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a directory traversal vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-22795
Schneider Electric StruxureWare Data Center Expert could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a command injection vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system
Impact
- Code Execution
- Unauthorized Access
Affected Vendors
Schneider Electric
Affected Products
- Schneider Electric StruxureWare Data Center Expert 7.3.1
- Schneider Electric StruxureWare Data Center Expert 7.5.0
- Schneider Electric StruxureWare Data Center Expert 7.8.1
Remediation
Refer to vendors’ advisory for the latest patches and suggested workarounds.
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-03