First published: Tue Apr 13 2021(Updated: )
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring a project.
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric C-bus Toolkit | <=1.15.7 | |
Schneider Electric C-Bus Toolkit | ||
Schneider Electric C-Bus Toolkit v1.15.7 and prior |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-22720 is a vulnerability in Schneider Electric C-Bus Toolkit that allows remote attackers to disclose sensitive information.
This vulnerability can be exploited by bypassing the existing authentication mechanism to remotely disclose sensitive information.
CVE-2021-22720 has a severity rating of 7.2 (high).
Schneider Electric C-Bus Toolkit versions up to and including 1.15.7 are affected by CVE-2021-22720.
To mitigate this vulnerability, update Schneider Electric C-Bus Toolkit to a version that is not affected by CVE-2021-22720.