A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1
References
Link | Resource |
---|---|
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-02 | Patch Vendor Advisory |
Configurations
History
03 Feb 2022, 14:59
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 3.8 |
First Time |
Schneider-electric
Schneider-electric software Update |
|
References | (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-02 - Patch, Vendor Advisory | |
CWE | CWE-331 | |
CPE | cpe:2.3:a:schneider-electric:software_update:*:*:*:*:*:*:*:* |
28 Jan 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
28 Jan 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-28 20:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-22799
Mitre link : CVE-2021-22799
CVE.ORG link : CVE-2021-22799
JSON object : View
Products Affected
schneider-electric
- software_update
CWE
CWE-331
Insufficient Entropy