CVE-2021-22827

A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure? Power Monitoring Expert 9.0 and prior versions
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:*:*:*:*:*:*:*:*

History

03 Feb 2022, 16:43

Type Values Removed Values Added
References (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03 - (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03 - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 8.8
CPE cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:*:*:*:*:*:*:*:*
First Time Schneider-electric
Schneider-electric ecostruxure Power Monitoring Expert
CWE CWE-20

28 Jan 2022, 21:15

Type Values Removed Values Added
CWE CWE-20

28 Jan 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-28 20:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-22827

Mitre link : CVE-2021-22827

CVE.ORG link : CVE-2021-22827


JSON object : View

Products Affected

schneider-electric

  • ecostruxure_power_monitoring_expert
CWE
CWE-20

Improper Input Validation