Vulnerability-Lookup

CVE-2021-22811 (GCVE-0-2021-22811)

Vulnerability from cvelistv5 – Published: 2022-01-28 19:09 – Updated: 2024-08-03 18:51

Summary

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)

Severity ?

No CVSS data available.

CWE

Assigner

schneider

References

URL

Tags

https://download.schneider-electric.com/files?p_D…

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.457Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-28T19:09:45.000Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2021-22811",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03",
              "refsource": "MISC",
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2021-22811",
    "datePublished": "2022-01-28T19:09:45.000Z",
    "dateReserved": "2021-01-06T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:51:07.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-CRGX-28X2-6M7Q

Vulnerability from github – Published: 2022-01-29 00:00 – Updated: 2022-02-05 00:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-22811"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-28T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)",
  "id": "GHSA-crgx-28x2-6m7q",
  "modified": "2022-02-05T00:01:10Z",
  "published": "2022-01-29T00:00:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22811"
    },
    {
      "type": "WEB",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2021-22811

Vulnerability from fkie_nvd - Published: 2022-01-28 20:15 - Updated: 2024-11-21 05:50

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

	URL	Tags
	cybersecurity@se.com	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03	Mitigation, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03	Mitigation, Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	network_management_card_2_firmware	*
schneider-electric	galaxy_3500	-
schneider-electric	network_management_card_2	-
schneider-electric	single-phase_symmetra	-
schneider-electric	smart-ups	-
schneider-electric	network_management_card_2_firmware	*
schneider-electric	ap9922_battery_management_system	-
schneider-electric	apc_rack_power_distribution_units	-
schneider-electric	galaxy_g7x	-
schneider-electric	galaxy_g9kchu	-
schneider-electric	galaxy_gcxsa	-
schneider-electric	galaxy_gfc	-
schneider-electric	galaxy_gvmsa	-
schneider-electric	galaxy_gvmts	-
schneider-electric	galaxy_gvxts	-
schneider-electric	galaxy_rpp_grppip2x84	-
schneider-electric	gutor_gvx	-
schneider-electric	gutor_sxw	-
schneider-electric	netbotz_nbrk0250	-
schneider-electric	network_management_card_2	-
schneider-electric	pd40e5ek20-m	-
schneider-electric	pd40f6fk1-m	-
schneider-electric	pd40g6fk1-m	-
schneider-electric	pd40h5ek20-m	-
schneider-electric	pd40l6fk1-m	-
schneider-electric	pd60f6fk1	-
schneider-electric	pd60g6fk1	-
schneider-electric	pd60l6fk1	-
schneider-electric	pdpb150g6f	-
schneider-electric	pdpm138h-5u	-
schneider-electric	pdpm138h-r	-
schneider-electric	pdpm144f	-
schneider-electric	pdpm150g6f	-
schneider-electric	pdpm150l6f	-
schneider-electric	pdpm175g6h	-
schneider-electric	pdpm277h	-
schneider-electric	pdpm288g6h	-
schneider-electric	pdpm72f-5u	-
schneider-electric	pdrppnx10	-
schneider-electric	pdrppnx10m	-
schneider-electric	pmm400-ala	-
schneider-electric	pmm400-alax	-
schneider-electric	pmm400-cub	-
schneider-electric	pmm500-ala	-
schneider-electric	pmm500-alax	-
schneider-electric	pmm500-cub	-
schneider-electric	rack_automatic_transfer_switches	-
schneider-electric	symmetra_px_100	-
schneider-electric	symmetra_px_160	-
schneider-electric	symmetra_px_20	-
schneider-electric	symmetra_px_250	-
schneider-electric	symmetra_px_40	-
schneider-electric	symmetra_px_48	-
schneider-electric	symmetra_px_500	-
schneider-electric	symmetra_px_96	-
schneider-electric	network_management_card_3_firmware	*
schneider-electric	galaxy_3500	-
schneider-electric	network_management_card_3	-
schneider-electric	single-phase_symmetra	-
schneider-electric	smart-ups	-
schneider-electric	network_management_card_3_firmware	*
schneider-electric	apc_rack_power_distribution_units	-
schneider-electric	network_management_card_3	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:network_management_card_2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B680F42-DA8E-4802-B156-8AB5DAE7FBBE",
              "versionEndIncluding": "6.9.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:galaxy_3500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CB0BD90-277B-4214-A0D2-0CFE156F3747",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:network_management_card_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D955CFE-4142-4ED1-9C66-DF97421BF491",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:single-phase_symmetra:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B11F1E08-643E-4DAC-8D41-4D620F27919D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:smart-ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1355F2F4-72EF-4643-82DC-5F35FAA643EF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:network_management_card_2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39AB64C8-1BA8-45E7-BDD0-D9280C05178B",
              "versionEndIncluding": "6.9.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:ap9922_battery_management_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5658510-1BDD-4AFE-946D-36FFAD91F15B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:apc_rack_power_distribution_units:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "48B862C7-A8BD-4FF4-BBFE-70137B197471",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:galaxy_g7x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D367AAD0-542D-4D79-B346-759617A9F647",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:galaxy_g9kchu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E51763D6-14F4-4F83-8391-A5ECBC17B2D5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:galaxy_gcxsa:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9A1A88B-3B10-475C-AB0E-BD450F01B64C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:galaxy_gfc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A624A78-0441-443A-8E78-A2A554773BCB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:galaxy_gvmsa:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "72CFF0A0-C4DA-44A5-8F55-ACD7041A14C5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:galaxy_gvmts:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26D837D0-11FD-404F-A0CB-70908DC44D80",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:galaxy_gvxts:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA8C2098-FF34-482B-AC83-8C94D244A890",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:galaxy_rpp_grppip2x84:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FB59B97-7253-429B-A637-051B86759F7C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:gutor_gvx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21051ECC-603F-4B1D-87E3-898418646133",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:gutor_sxw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98191379-455C-48E9-A37F-56255EEE9EEF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:netbotz_nbrk0250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C101890D-06AC-44DF-8AF5-FCAD321B3600",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:network_management_card_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D955CFE-4142-4ED1-9C66-DF97421BF491",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pd40e5ek20-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "591B287E-8957-456E-82B3-549D069B6CE2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pd40f6fk1-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C20B242-175B-49C8-9662-47C9A7AE144F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pd40g6fk1-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62A7198F-6652-4E3D-A601-C24C8FACEAE7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pd40h5ek20-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "40D386FD-741F-45C1-989B-DBF9335945E9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pd40l6fk1-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8543ECA3-6AFB-4B08-9334-0272646F8DB8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pd60f6fk1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E315DD1-C867-4D48-B898-56E3DA304206",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pd60g6fk1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ED5EF3C-0CBF-41E1-A72A-E58C3AB8B90D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pd60l6fk1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CC024F-31B2-4343-8AE4-400D6C3F53FD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pdpb150g6f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF4D8F03-27DD-4366-A89B-22CBD7C67D7A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pdpm138h-5u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3C628B3-0E90-4E4C-8801-9FAA95FBD0F8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pdpm138h-r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16C3F7D6-6700-4D2E-A1BA-888B7E16D9A0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pdpm144f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0383E54-C675-4A3A-B100-D9C5AF03738C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pdpm150g6f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E080E19A-A326-4F44-A822-C94535239BFA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pdpm150l6f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE8584C8-31DD-49E4-8335-CEEB5FA5ECF5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pdpm175g6h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8681C6E-B21D-44F0-895E-CAED4F6989A7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pdpm277h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21974FF3-9F0C-4B9C-AD84-5D97FC72BA42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pdpm288g6h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F22D1C0-7024-4D70-8CD6-322613C36045",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pdpm72f-5u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "88134542-3217-469F-9958-3CE0BC9157F7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pdrppnx10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E2885AF-A708-47FF-B9F4-DA59B170A3F0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pdrppnx10m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A12242E-85FB-4079-90F9-B9DD61562753",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pmm400-ala:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "74A567E2-E660-4647-862A-4411B44BC1E8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pmm400-alax:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2397DC2-AEF6-4801-99F7-671908F1121B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pmm400-cub:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F058F380-9F1C-469A-BE4D-CFE94A325937",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pmm500-ala:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08F98F3F-A700-4D3D-832A-0866BC406C99",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pmm500-alax:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D301B3D0-7DA7-4433-85F8-D0F6B0B2CB00",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:pmm500-cub:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6FDCF96-81B4-4E9D-842A-60BAF8FBD63E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:rack_automatic_transfer_switches:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "233D8B17-03A3-4E57-A96B-1A0FEC55E711",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:symmetra_px_100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F1F6A74-A959-4729-80A0-B4A8976271CF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:symmetra_px_160:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5FACD9F-9ECC-4AD4-B88A-DAB0C80DD746",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:symmetra_px_20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "454AAEB3-2752-41BD-A3F6-78515D3D30E2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:symmetra_px_250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "414089E6-4ECB-451B-8319-9BE9BFD1FCDA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:symmetra_px_40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0264FD0E-57AF-46AF-8135-1EE8782B4854",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:symmetra_px_48:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D30C4D7-16D5-4426-8EB7-25F89F0417DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:symmetra_px_500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6837B93-F653-49BC-A931-4FC8E800BFB2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:symmetra_px_96:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C9AA6F1-7C6C-4A5B-85D4-31995EBF2567",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:network_management_card_3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BC92355-63D8-4472-84B6-6A012B1264D7",
              "versionEndIncluding": "1.4.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:galaxy_3500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CB0BD90-277B-4214-A0D2-0CFE156F3747",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:network_management_card_3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7D86A9F-1FAB-4355-B1D9-D43EA23575D4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:single-phase_symmetra:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B11F1E08-643E-4DAC-8D41-4D620F27919D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:smart-ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1355F2F4-72EF-4643-82DC-5F35FAA643EF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:network_management_card_3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F9C697A-21D3-4E53-9905-CF122EBA410A",
              "versionEndIncluding": "1.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:apc_rack_power_distribution_units:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "48B862C7-A8BD-4FF4-BBFE-70137B197471",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:network_management_card_3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7D86A9F-1FAB-4355-B1D9-D43EA23575D4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)"
    },
    {
      "lang": "es",
      "value": "Una CWE-79: Se presenta una vulnerabilidad de Neutralizaci\u00f3n Inapropiada de la Entrada Durante la Generaci\u00f3n de la P\u00e1gina Web (\"Cross-site Scripting\") que podr\u00eda causar una ejecuci\u00f3n de scripts cuando es interceptada la petici\u00f3n de una cuenta con privilegios que accede a la p\u00e1gina web vulnerable. Productos afectados: Sistemas de alimentaci\u00f3n ininterrumpida (SAI) monof\u00e1sicos que usan NMC2, incluidos Smart-UPS, Symmetra y Galaxy 3500 con Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS versiones V6.9.8 y anteriores), Sistema de Alimentaci\u00f3n Ininterrumpida (SAI) trif\u00e1sico usando NMC2 incluyendo Symmetra PX 250/500 (SYPX) Tarjeta de administraci\u00f3n de Red 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS versiones V6.9.6 y anteriores), sistemas de alimentaci\u00f3n ininterrumpida (SAI) trif\u00e1sicos que usan NMC2, incluidos los SAI Symmetra PX 48/96/100/160 kW (PX2), los SAI Symmetra PX 20/40 kW (SY3P), Gutor (SXW, GVX) y Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS versiones V6.9.6 y anteriores), Sistema de Alimentaci\u00f3n Ininterrumpida (SAI) monof\u00e1sico usado NMC3 incluyendo Smart-UPS, Symmetra, y Galaxy 3500 con Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS versiones V1.4.2.1 y anteriores), Unidades de distribuci\u00f3n de energ\u00eda (PDU) de rack de APC que usan NMC2 2G PDU de rack medido/conmutado con NMC2 incorporado: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS versiones V6.9.6 y anteriores), Unidades de distribuci\u00f3n de energ\u00eda (PDU) en rack de APC que usan PDU en rack medido/conmutado NMC3 2G con NMC3 integrado: APDU99xx (NMC3 AOS versiones V1.4. 0 y anteriores), productos de distribuci\u00f3n de energ\u00eda trif\u00e1sica de APC que usan NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS versiones V6.9.6 y anteriores), tarjeta de administraci\u00f3n de red 2 (NMC2) para InfraStruxure 150 kVA PDU con 84 polos (X84P): PDPB150G6F (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\u00f3n de Red 2 para InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\u00f3n de Red 2 para PDU Modular 150/175kVA (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\u00f3n de red 2 para 400 y 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\u00f3n de Red 2 para PDU Modular (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS versiones V6.9.6 y anteriores), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Interruptores de transferencia autom\u00e1tica en rack - AP44XX (ATS4G) (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\u00f3n de red 2 (NMC2) Productos de refrigeraci\u00f3n: InRow Cooling para las series ACRP5xx, ACRP1xx, ACRD5xx y ACRC5xx SKU (ACRP2G), InRow Cooling para las series ACRC10x SKU (RC10X2G), InRow Cooling para las series ACRD6xx y ACRC6xx SKU (ACRD2G), InRow Cooling Display para las series ACRD3xx (ACRC2G), InRow Cooling para las series ACSC1xx SKUs (SC2G), InRow Cooling para las series ACRD1xx y ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display para SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV y LDWV (LEDX2G), Unidad de distribuci\u00f3n de refrigerante: ACDA9xx (RDU) (NMC2 AOS versiones V6.9.6 y anteriores), Unidad de Monitorizaci\u00f3n Ambiental con NMC2 integrado (NB250): NetBotz NBRK0250 (NMC2 AOS versiones V6.9.6 y anteriores), y Tarjeta de administraci\u00f3n de Red 2 (NMC2): AP9922 Sistema de administraci\u00f3n de la bater\u00eda (BM4) (NMC2 AOS versiones V6.9.6 y anteriores)"
    }
  ],
  "id": "CVE-2021-22811",
  "lastModified": "2024-11-21T05:50:43.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-28T20:15:10.047",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2022-AVI-436

Vulnerability from certfr_avis - Published: 2022-05-10 - Updated: 2022-08-22

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

PowerLogic ION Setup versions antérieures à 3.2.22096.01
Saitel DP RTU microgiciel versions Baseline_09.00.00 à Baseline_11.06.23 antérieures à BaseLine_11.06.24
APC Smart-UPS SRC Series ID=1004: UPS versions 14.9 et antérieures
APC Smart-UPS SRC Series ID=1006: UPS versions 14.9 et antérieures
APC Smart-UPS SRC Series ID=1011: UPS versions 14.9 et antérieures
APC Smart-UPS SRC Series ID=1033: UPS versions 00.3 et antérieures
APC Smart-UPS XU Series SRC Series ID=1017: UPS versions 02.6 et antérieures
SmartConnect séries SMTL, SCL, et SMX version du microgiciel antérieure à 15.0
HMISCU Vijeo Designer versions antérieures à 6.2 SP12
Easergy MiCOM P30 range modèles C434, P132, P139, P433, P435, P437, P532, P631, P632, P633, P634 et Px36/8 versions 660 à 674
APC Rack Power Distribution Units (PDU) utilisant NMC2 AOS versions antérieures à 7.0.6
APC Rack Power Distribution Units (PDU) utilisant NMC3 AOS versions antérieures à 1.2.0.2
APC 3-Phase Power Distribution Products utilisant NMC2 AOS versions antérieures à 7.0.4
Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P) versions antérieures à 7.0.4
Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) versions antérieures à 7.0.4
Network Management Card 2 for Modular 150/175kVA PDU (XRDP) versions antérieures à 7.0.4
Network Management Card 2 for 400 and 500 kVA (PMM) versions antérieures à 7.0.4
Network Management Card 2 for Modular PDU (XRDP2G) versions antérieures à 7.0.4
Rack Automatic Transfer Switches (ATS) utilisant NMC2 AOS versions antérieures à 7.0.4
Network Management Card 2 (NMC2) Cooling Products utilisant NMC2 AOS versions antérieures à 7.0.4
Environmental Monitoring Unit with embedded NMC2 (NB250) utilisant NMC2 AOS versions antérieures à 7.0.4
Network Management Card 2 (NMC2) versions antérieures à 7.0.4
EcoStruxure Micro Data Center utilisant NMC2 AOS versions antérieures à 7.0.4

Les produits suivants ne sont plus supportés par l'éditeur :

Wiser Smart EER21000 et EER21001 versions antérieures à 4.5

Les produits suivants ne bénéficient pas encore de correctif pour les vulnérabilités CVE-2022-22805, CVE-2022-22806 et CVE-2022-0715 :

Smart-UPS séries SMT, SMC, SCL, SMX, SRT, SRC, XU, et SRTL

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2022-130-01 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-130-02 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-05 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-130-03 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-03 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-067-02 du 10 mai 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003ePowerLogic ION Setup versions ant\u00e9rieures \u00e0 3.2.22096.01\u003c/li\u003e \u003cli\u003eSaitel DP RTU microgiciel versions Baseline_09.00.00 \u00e0 Baseline_11.06.23 ant\u00e9rieures \u00e0 BaseLine_11.06.24\u003c/li\u003e \u003cli\u003eAPC Smart-UPS SRC Series ID=1004: UPS versions 14.9 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eAPC Smart-UPS SRC Series ID=1006: UPS versions 14.9 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eAPC Smart-UPS SRC Series ID=1011: UPS versions 14.9 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eAPC Smart-UPS SRC Series ID=1033: UPS versions 00.3 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eAPC Smart-UPS XU Series SRC Series ID=1017: UPS versions 02.6 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eSmartConnect s\u00e9ries SMTL, SCL, et SMX version du microgiciel ant\u00e9rieure \u00e0 15.0\u003c/li\u003e \u003cli\u003eHMISCU Vijeo Designer versions ant\u00e9rieures \u00e0 6.2 SP12\u003c/li\u003e \u003cli\u003eEasergy MiCOM P30 range mod\u00e8les C434, P132, P139, P433, P435, P437, P532, P631, P632, P633, P634 et Px36/8 versions 660 \u00e0 674\u003c/li\u003e \u003cli\u003eAPC Rack Power Distribution Units (PDU) utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.6\u003c/li\u003e \u003cli\u003eAPC Rack Power Distribution Units (PDU) utilisant NMC3 AOS versions ant\u00e9rieures \u00e0 1.2.0.2\u003c/li\u003e \u003cli\u003eAPC 3-Phase Power Distribution Products utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 for Modular 150/175kVA PDU (XRDP) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 for 400 and 500 kVA (PMM) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 for Modular PDU (XRDP2G) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eRack Automatic Transfer Switches (ATS) utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 (NMC2) Cooling Products utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eEnvironmental Monitoring Unit with embedded NMC2 (NB250) utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 (NMC2) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eEcoStruxure Micro Data Center utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes produits suivants ne sont plus support\u00e9s par l\u0027\u00e9diteur :\u003c/p\u003e \u003cul\u003e \u003cli\u003eWiser Smart EER21000 et EER21001 versions ant\u00e9rieures \u00e0 4.5\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes produits suivants ne b\u00e9n\u00e9ficient pas encore de correctif pour les vuln\u00e9rabilit\u00e9s CVE-2022-22805, CVE-2022-22806 et CVE-2022-0715 :\u003c/p\u003e \u003cul\u003e \u003cli\u003eSmart-UPS s\u00e9ries SMT, SMC, SCL, SMX, SRT, SRC, XU, et SRTL\u003c/li\u003e \u003c/ul\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-30236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30236"
    },
    {
      "name": "CVE-2021-22811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22811"
    },
    {
      "name": "CVE-2021-22813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22813"
    },
    {
      "name": "CVE-2022-30233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30233"
    },
    {
      "name": "CVE-2022-30238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30238"
    },
    {
      "name": "CVE-2022-6996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-6996"
    },
    {
      "name": "CVE-2021-22810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22810"
    },
    {
      "name": "CVE-2021-22815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22815"
    },
    {
      "name": "CVE-2022-22806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22806"
    },
    {
      "name": "CVE-2022-30234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30234"
    },
    {
      "name": "CVE-2022-0715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0715"
    },
    {
      "name": "CVE-2021-22812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22812"
    },
    {
      "name": "CVE-2022-30232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30232"
    },
    {
      "name": "CVE-2020-6996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6996"
    },
    {
      "name": "CVE-2022-30235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30235"
    },
    {
      "name": "CVE-2022-22805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22805"
    },
    {
      "name": "CVE-2021-22814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22814"
    },
    {
      "name": "CVE-2022-30237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30237"
    }
  ],
  "initial_release_date": "2022-05-10T00:00:00",
  "last_revision_date": "2022-08-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-436",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-05-10T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour des liens",
      "revision_date": "2022-08-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-130-01 du 10 mai 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-130-01_PowerLogic_ION_Setup_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2022-130-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-130-02 du 10 mai 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-130-02_Saitel_DP_RTU_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2022-130-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 10 mai 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V7.0.pdf\u0026p_Doc_Ref=SEVD-2021-313-05"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-130-03 du 10 mai 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-130-03_WiserSmart_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2022-130-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-03 du 10 mai 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-03_APC_NMC_Security_Notification_V2.0.pdf\u0026p_Doc_Ref=SEVD-2021-313-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-02 du 10 mai 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-067-02_APC-Smart-UPS_Security_Notification_V6.0.pdf"
    }
  ]
}

CERTFR-2021-AVI-853

Vulnerability from certfr_avis - Published: 2021-11-09 - Updated: 2021-11-09

De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Momentum MDI (171CBU), MC80 (BMKC8), HART (BMEAH*) toutes versions
N/A	N/A	versadac, toutes versions
Schneider Electric	N/A	EPack toutes versions
N/A	N/A	EPC2000 toutes versions
N/A	N/A	Modicon M262 Logic Controllers firmware version 5.1.5.35 et antérieures
N/A	N/A	SCD6000 Industrial RTU Version antérieures à SCD6000 is SY-1101211_Mand
N/A	N/A	SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E et 357E RTUs avec le firmware V8.18.1 et antérieures
N/A	N/A	NMC embedded devices
N/A	N/A	BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions
N/A	N/A	BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions
Schneider Electric	N/A	Modicon M241/M251 Logic Controllers firmware version 5.1.9.21 et antérieures
Symfony	process	EcoStruxure Process Expert versions antérieures à V2021
N/A	N/A	Tricon Communication Modules versions antérieures à 11.8
N/A	N/A	TelevisAir V3.0 Dongle BTLE (part number ADBT42* et antérieures)
Schneider Electric	Modicon M340	Modicon M580 CPU (BMEP* and BMEH), Modicon M340 CPU (BMXP34), BMXNOM0200 toutes versions
Schneider Electric	N/A	Easy Harmony GXU (HMIGXU Series) et Easy Harmony ET6 (HMIET Series) Vijeo Designer Basic V1.2 family et antérieures
Schneider Electric	N/A	T2750 PAC, toutes versions
Schneider Electric	N/A	Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) et antérieures
N/A	N/A	HMISTO Series HMISTU/S5T Series toutes versions
Schneider Electric	N/A	TCSEGPA23F14F, BMECXM0100 toutes versions
N/A	N/A	HMISCU,HMIGTU, HMIG2U, HMIG3U, HMIG3X, HMIGTO Series Vijeo Designer (V6.2 SP11) family et antérieures
N/A	N/A	BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions
N/A	N/A	Pro-face GP4100 Series, GP4000E Series, GP4000M Series toutes versions
N/A	N/A	Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series GP-Pro EX V4.09.300 et antérieures
N/A	N/A	Momentum ENT (170ENT11*) toutes versions
Schneider Electric	N/A	nanodac toutes versions
Schneider Electric	N/A	Network Management Card 2 (NMC2)
Schneider Electric	N/A	Schneider Electric Software Update, V2.3.0 à V2.5.1
N/A	N/A	Network Management Card 3 (NMC3)
N/A	N/A	6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions
Schneider Electric	N/A	BMXNOM0200 toutes versions
N/A	N/A	BMENOP0300, BMXNOR0200 toutes versions
Schneider Electric	N/A	Modicon LMC078 toutes versions
Schneider Electric	N/A	E+PLC400 toutes versions
N/A	N/A	Pro-face GP4000 Series, LT4000M Series, GP4000H Series GP-Pro EX V4.09.300 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2021-313-07 du 9 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-01 du 9 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-06 du 9 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-05 du 9 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-04 du 9 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-02 du 9 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-03 du 9 novembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "versadac, toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "EPack toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EPC2000 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M262 Logic Controllers firmware version 5.1.5.35 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SCD6000 Industrial RTU Version ant\u00e9rieures \u00e0 SCD6000 is SY-1101211_Mand",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E et 357E RTUs avec le firmware V8.18.1 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "NMC embedded devices",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M241/M251 Logic Controllers firmware version 5.1.9.21 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 V2021",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "Tricon Communication Modules versions ant\u00e9rieures \u00e0 11.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "TelevisAir V3.0 Dongle BTLE (part number ADBT42* et ant\u00e9rieures)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M580 CPU (BMEP* and BMEH*), Modicon M340 CPU (BMXP34*), BMXNOM0200 toutes versions",
      "product": {
        "name": "Modicon M340",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easy Harmony GXU (HMIGXU Series) et Easy Harmony ET6 (HMIET Series) Vijeo Designer Basic V1.2 family et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "T2750 PAC, toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "HMISTO Series HMISTU/S5T Series toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "TCSEGPA23F14F, BMECXM0100 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "HMISCU,HMIGTU, HMIG2U, HMIG3U, HMIG3X, HMIGTO Series Vijeo Designer (V6.2 SP11) family et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Pro-face GP4100 Series, GP4000E Series, GP4000M Series toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series GP-Pro EX V4.09.300 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Momentum ENT (170ENT11*) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "nanodac toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Network Management Card 2 (NMC2)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Schneider Electric Software Update, V2.3.0 \u00e0 V2.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Network Management Card 3 (NMC3)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BMXNOM0200 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "BMENOP0300, BMXNOR0200 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon LMC078 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "E+PLC400 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Pro-face GP4000 Series, LT4000M Series, GP4000H Series GP-Pro EX V4.09.300 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22808"
    },
    {
      "name": "CVE-2021-34527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34527"
    },
    {
      "name": "CVE-2021-22811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22811"
    },
    {
      "name": "CVE-2021-22813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22813"
    },
    {
      "name": "CVE-2020-35198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
    },
    {
      "name": "CVE-2021-22807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22807"
    },
    {
      "name": "CVE-2021-22810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22810"
    },
    {
      "name": "CVE-2021-22815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22815"
    },
    {
      "name": "CVE-2021-1675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1675"
    },
    {
      "name": "CVE-2021-22812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22812"
    },
    {
      "name": "CVE-2021-22809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22809"
    },
    {
      "name": "CVE-2021-22814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22814"
    },
    {
      "name": "CVE-2020-28895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
    },
    {
      "name": "CVE-2021-22799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22799"
    },
    {
      "name": "CVE-2021-22816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22816"
    }
  ],
  "initial_release_date": "2021-11-09T00:00:00",
  "last_revision_date": "2021-11-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-853",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-11-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-07 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-07"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-01 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-06 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-06"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-04 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-02 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-03 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
    }
  ]
}

GSD-2021-22811

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-22811

Aliases

CVE-2021-22811

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-22811",
    "description": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)",
    "id": "GSD-2021-22811"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-22811"
      ],
      "details": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)",
      "id": "GSD-2021-22811",
      "modified": "2023-12-13T01:23:24.407108Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2021-22811",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03",
            "refsource": "MISC",
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:network_management_card_2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.9.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_3500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:network_management_card_2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:single-phase_symmetra:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:smart-ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:network_management_card_2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.9.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:ap9922_battery_management_system:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:apc_rack_power_distribution_units:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_g7x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_g9kchu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_gcxsa:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_gfc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_gvmsa:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_gvmts:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_gvxts:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_rpp_grppip2x84:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:gutor_gvx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:gutor_sxw:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:netbotz_nbrk0250:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:network_management_card_2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pd40e5ek20-m:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pd40f6fk1-m:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pd40g6fk1-m:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pd40h5ek20-m:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pd40l6fk1-m:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pd60f6fk1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pd60g6fk1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pd60l6fk1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pdpb150g6f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pdpm138h-5u:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pdpm138h-r:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pdpm144f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pdpm150g6f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pdpm150l6f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pdpm175g6h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pdpm277h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pdpm288g6h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pdpm72f-5u:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pdrppnx10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pdrppnx10m:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pmm400-ala:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pmm400-alax:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pmm400-cub:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pmm500-ala:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pmm500-alax:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:pmm500-cub:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:rack_automatic_transfer_switches:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:symmetra_px_100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:symmetra_px_160:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:symmetra_px_20:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:symmetra_px_250:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:symmetra_px_40:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:symmetra_px_48:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:symmetra_px_500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:symmetra_px_96:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:network_management_card_3_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.4.2.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_3500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:network_management_card_3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:single-phase_symmetra:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:smart-ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:network_management_card_3_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.4.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:apc_rack_power_distribution_units:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:network_management_card_3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2021-22811"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2022-02-04T15:42Z",
      "publishedDate": "2022-01-28T20:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-22811 (GCVE-0-2021-22811)

GHSA-CRGX-28X2-6M7Q

FKIE_CVE-2021-22811

CERTFR-2022-AVI-436

Solution

CERTFR-2021-AVI-853

Solution

GSD-2021-22811

Tags

Sightings

Nomenclature