Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-22811 (GCVE-0-2021-22811)
Vulnerability from cvelistv5 – Published: 2022-01-28 19:09 – Updated: 2024-08-03 18:51
VLAI?
EPSS
Summary
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-28T19:09:45",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22811",
"datePublished": "2022-01-28T19:09:45",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:network_management_card_2_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.9.8\", \"matchCriteriaId\": \"3B680F42-DA8E-4802-B156-8AB5DAE7FBBE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:galaxy_3500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CB0BD90-277B-4214-A0D2-0CFE156F3747\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:network_management_card_2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D955CFE-4142-4ED1-9C66-DF97421BF491\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:single-phase_symmetra:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B11F1E08-643E-4DAC-8D41-4D620F27919D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:smart-ups:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1355F2F4-72EF-4643-82DC-5F35FAA643EF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:network_management_card_2_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.9.6\", \"matchCriteriaId\": \"39AB64C8-1BA8-45E7-BDD0-D9280C05178B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:ap9922_battery_management_system:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5658510-1BDD-4AFE-946D-36FFAD91F15B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:apc_rack_power_distribution_units:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48B862C7-A8BD-4FF4-BBFE-70137B197471\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:galaxy_g7x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D367AAD0-542D-4D79-B346-759617A9F647\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:galaxy_g9kchu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E51763D6-14F4-4F83-8391-A5ECBC17B2D5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:galaxy_gcxsa:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9A1A88B-3B10-475C-AB0E-BD450F01B64C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:galaxy_gfc:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A624A78-0441-443A-8E78-A2A554773BCB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:galaxy_gvmsa:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72CFF0A0-C4DA-44A5-8F55-ACD7041A14C5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:galaxy_gvmts:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26D837D0-11FD-404F-A0CB-70908DC44D80\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:galaxy_gvxts:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA8C2098-FF34-482B-AC83-8C94D244A890\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:galaxy_rpp_grppip2x84:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FB59B97-7253-429B-A637-051B86759F7C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:gutor_gvx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21051ECC-603F-4B1D-87E3-898418646133\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:gutor_sxw:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98191379-455C-48E9-A37F-56255EEE9EEF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:netbotz_nbrk0250:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C101890D-06AC-44DF-8AF5-FCAD321B3600\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:network_management_card_2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D955CFE-4142-4ED1-9C66-DF97421BF491\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pd40e5ek20-m:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"591B287E-8957-456E-82B3-549D069B6CE2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pd40f6fk1-m:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C20B242-175B-49C8-9662-47C9A7AE144F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pd40g6fk1-m:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62A7198F-6652-4E3D-A601-C24C8FACEAE7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pd40h5ek20-m:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40D386FD-741F-45C1-989B-DBF9335945E9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pd40l6fk1-m:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8543ECA3-6AFB-4B08-9334-0272646F8DB8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pd60f6fk1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E315DD1-C867-4D48-B898-56E3DA304206\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pd60g6fk1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7ED5EF3C-0CBF-41E1-A72A-E58C3AB8B90D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pd60l6fk1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1CC024F-31B2-4343-8AE4-400D6C3F53FD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pdpb150g6f:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF4D8F03-27DD-4366-A89B-22CBD7C67D7A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pdpm138h-5u:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3C628B3-0E90-4E4C-8801-9FAA95FBD0F8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pdpm138h-r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16C3F7D6-6700-4D2E-A1BA-888B7E16D9A0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pdpm144f:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0383E54-C675-4A3A-B100-D9C5AF03738C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pdpm150g6f:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E080E19A-A326-4F44-A822-C94535239BFA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pdpm150l6f:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE8584C8-31DD-49E4-8335-CEEB5FA5ECF5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pdpm175g6h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8681C6E-B21D-44F0-895E-CAED4F6989A7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pdpm277h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21974FF3-9F0C-4B9C-AD84-5D97FC72BA42\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pdpm288g6h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F22D1C0-7024-4D70-8CD6-322613C36045\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pdpm72f-5u:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88134542-3217-469F-9958-3CE0BC9157F7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pdrppnx10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E2885AF-A708-47FF-B9F4-DA59B170A3F0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pdrppnx10m:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A12242E-85FB-4079-90F9-B9DD61562753\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pmm400-ala:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74A567E2-E660-4647-862A-4411B44BC1E8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pmm400-alax:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2397DC2-AEF6-4801-99F7-671908F1121B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pmm400-cub:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F058F380-9F1C-469A-BE4D-CFE94A325937\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pmm500-ala:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08F98F3F-A700-4D3D-832A-0866BC406C99\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pmm500-alax:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D301B3D0-7DA7-4433-85F8-D0F6B0B2CB00\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:pmm500-cub:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6FDCF96-81B4-4E9D-842A-60BAF8FBD63E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:rack_automatic_transfer_switches:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"233D8B17-03A3-4E57-A96B-1A0FEC55E711\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:symmetra_px_100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F1F6A74-A959-4729-80A0-B4A8976271CF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:symmetra_px_160:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5FACD9F-9ECC-4AD4-B88A-DAB0C80DD746\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:symmetra_px_20:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"454AAEB3-2752-41BD-A3F6-78515D3D30E2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:symmetra_px_250:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"414089E6-4ECB-451B-8319-9BE9BFD1FCDA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:symmetra_px_40:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0264FD0E-57AF-46AF-8135-1EE8782B4854\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:symmetra_px_48:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D30C4D7-16D5-4426-8EB7-25F89F0417DD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:symmetra_px_500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6837B93-F653-49BC-A931-4FC8E800BFB2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:symmetra_px_96:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C9AA6F1-7C6C-4A5B-85D4-31995EBF2567\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:network_management_card_3_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.4.2.1\", \"matchCriteriaId\": \"4BC92355-63D8-4472-84B6-6A012B1264D7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:galaxy_3500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CB0BD90-277B-4214-A0D2-0CFE156F3747\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:network_management_card_3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7D86A9F-1FAB-4355-B1D9-D43EA23575D4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:single-phase_symmetra:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B11F1E08-643E-4DAC-8D41-4D620F27919D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:smart-ups:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1355F2F4-72EF-4643-82DC-5F35FAA643EF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:network_management_card_3_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.4.0\", \"matchCriteriaId\": \"1F9C697A-21D3-4E53-9905-CF122EBA410A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:apc_rack_power_distribution_units:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48B862C7-A8BD-4FF4-BBFE-70137B197471\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:network_management_card_3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7D86A9F-1FAB-4355-B1D9-D43EA23575D4\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)\"}, {\"lang\": \"es\", \"value\": \"Una CWE-79: Se presenta una vulnerabilidad de Neutralizaci\\u00f3n Inapropiada de la Entrada Durante la Generaci\\u00f3n de la P\\u00e1gina Web (\\\"Cross-site Scripting\\\") que podr\\u00eda causar una ejecuci\\u00f3n de scripts cuando es interceptada la petici\\u00f3n de una cuenta con privilegios que accede a la p\\u00e1gina web vulnerable. Productos afectados: Sistemas de alimentaci\\u00f3n ininterrumpida (SAI) monof\\u00e1sicos que usan NMC2, incluidos Smart-UPS, Symmetra y Galaxy 3500 con Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS versiones V6.9.8 y anteriores), Sistema de Alimentaci\\u00f3n Ininterrumpida (SAI) trif\\u00e1sico usando NMC2 incluyendo Symmetra PX 250/500 (SYPX) Tarjeta de administraci\\u00f3n de Red 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS versiones V6.9.6 y anteriores), sistemas de alimentaci\\u00f3n ininterrumpida (SAI) trif\\u00e1sicos que usan NMC2, incluidos los SAI Symmetra PX 48/96/100/160 kW (PX2), los SAI Symmetra PX 20/40 kW (SY3P), Gutor (SXW, GVX) y Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS versiones V6.9.6 y anteriores), Sistema de Alimentaci\\u00f3n Ininterrumpida (SAI) monof\\u00e1sico usado NMC3 incluyendo Smart-UPS, Symmetra, y Galaxy 3500 con Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS versiones V1.4.2.1 y anteriores), Unidades de distribuci\\u00f3n de energ\\u00eda (PDU) de rack de APC que usan NMC2 2G PDU de rack medido/conmutado con NMC2 incorporado: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS versiones V6.9.6 y anteriores), Unidades de distribuci\\u00f3n de energ\\u00eda (PDU) en rack de APC que usan PDU en rack medido/conmutado NMC3 2G con NMC3 integrado: APDU99xx (NMC3 AOS versiones V1.4. 0 y anteriores), productos de distribuci\\u00f3n de energ\\u00eda trif\\u00e1sica de APC que usan NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS versiones V6.9.6 y anteriores), tarjeta de administraci\\u00f3n de red 2 (NMC2) para InfraStruxure 150 kVA PDU con 84 polos (X84P): PDPB150G6F (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\\u00f3n de Red 2 para InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\\u00f3n de Red 2 para PDU Modular 150/175kVA (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\\u00f3n de red 2 para 400 y 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\\u00f3n de Red 2 para PDU Modular (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS versiones V6.9.6 y anteriores), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Interruptores de transferencia autom\\u00e1tica en rack - AP44XX (ATS4G) (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\\u00f3n de red 2 (NMC2) Productos de refrigeraci\\u00f3n: InRow Cooling para las series ACRP5xx, ACRP1xx, ACRD5xx y ACRC5xx SKU (ACRP2G), InRow Cooling para las series ACRC10x SKU (RC10X2G), InRow Cooling para las series ACRD6xx y ACRC6xx SKU (ACRD2G), InRow Cooling Display para las series ACRD3xx (ACRC2G), InRow Cooling para las series ACSC1xx SKUs (SC2G), InRow Cooling para las series ACRD1xx y ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display para SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV y LDWV (LEDX2G), Unidad de distribuci\\u00f3n de refrigerante: ACDA9xx (RDU) (NMC2 AOS versiones V6.9.6 y anteriores), Unidad de Monitorizaci\\u00f3n Ambiental con NMC2 integrado (NB250): NetBotz NBRK0250 (NMC2 AOS versiones V6.9.6 y anteriores), y Tarjeta de administraci\\u00f3n de Red 2 (NMC2): AP9922 Sistema de administraci\\u00f3n de la bater\\u00eda (BM4) (NMC2 AOS versiones V6.9.6 y anteriores)\"}]",
"id": "CVE-2021-22811",
"lastModified": "2024-11-21T05:50:43.040",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2022-01-28T20:15:10.047",
"references": "[{\"url\": \"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03\", \"source\": \"cybersecurity@se.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-22811\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2022-01-28T20:15:10.047\",\"lastModified\":\"2024-11-21T05:50:43.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)\"},{\"lang\":\"es\",\"value\":\"Una CWE-79: Se presenta una vulnerabilidad de Neutralizaci\u00f3n Inapropiada de la Entrada Durante la Generaci\u00f3n de la P\u00e1gina Web (\\\"Cross-site Scripting\\\") que podr\u00eda causar una ejecuci\u00f3n de scripts cuando es interceptada la petici\u00f3n de una cuenta con privilegios que accede a la p\u00e1gina web vulnerable. Productos afectados: Sistemas de alimentaci\u00f3n ininterrumpida (SAI) monof\u00e1sicos que usan NMC2, incluidos Smart-UPS, Symmetra y Galaxy 3500 con Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS versiones V6.9.8 y anteriores), Sistema de Alimentaci\u00f3n Ininterrumpida (SAI) trif\u00e1sico usando NMC2 incluyendo Symmetra PX 250/500 (SYPX) Tarjeta de administraci\u00f3n de Red 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS versiones V6.9.6 y anteriores), sistemas de alimentaci\u00f3n ininterrumpida (SAI) trif\u00e1sicos que usan NMC2, incluidos los SAI Symmetra PX 48/96/100/160 kW (PX2), los SAI Symmetra PX 20/40 kW (SY3P), Gutor (SXW, GVX) y Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS versiones V6.9.6 y anteriores), Sistema de Alimentaci\u00f3n Ininterrumpida (SAI) monof\u00e1sico usado NMC3 incluyendo Smart-UPS, Symmetra, y Galaxy 3500 con Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS versiones V1.4.2.1 y anteriores), Unidades de distribuci\u00f3n de energ\u00eda (PDU) de rack de APC que usan NMC2 2G PDU de rack medido/conmutado con NMC2 incorporado: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS versiones V6.9.6 y anteriores), Unidades de distribuci\u00f3n de energ\u00eda (PDU) en rack de APC que usan PDU en rack medido/conmutado NMC3 2G con NMC3 integrado: APDU99xx (NMC3 AOS versiones V1.4. 0 y anteriores), productos de distribuci\u00f3n de energ\u00eda trif\u00e1sica de APC que usan NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS versiones V6.9.6 y anteriores), tarjeta de administraci\u00f3n de red 2 (NMC2) para InfraStruxure 150 kVA PDU con 84 polos (X84P): PDPB150G6F (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\u00f3n de Red 2 para InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\u00f3n de Red 2 para PDU Modular 150/175kVA (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\u00f3n de red 2 para 400 y 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\u00f3n de Red 2 para PDU Modular (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS versiones V6.9.6 y anteriores), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Interruptores de transferencia autom\u00e1tica en rack - AP44XX (ATS4G) (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\u00f3n de red 2 (NMC2) Productos de refrigeraci\u00f3n: InRow Cooling para las series ACRP5xx, ACRP1xx, ACRD5xx y ACRC5xx SKU (ACRP2G), InRow Cooling para las series ACRC10x SKU (RC10X2G), InRow Cooling para las series ACRD6xx y ACRC6xx SKU (ACRD2G), InRow Cooling Display para las series ACRD3xx (ACRC2G), InRow Cooling para las series ACSC1xx SKUs (SC2G), InRow Cooling para las series ACRD1xx y ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display para SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV y LDWV (LEDX2G), Unidad de distribuci\u00f3n de refrigerante: ACDA9xx (RDU) (NMC2 AOS versiones V6.9.6 y anteriores), Unidad de Monitorizaci\u00f3n Ambiental con NMC2 integrado (NB250): NetBotz NBRK0250 (NMC2 AOS versiones V6.9.6 y anteriores), y Tarjeta de administraci\u00f3n de Red 2 (NMC2): AP9922 Sistema de administraci\u00f3n de la bater\u00eda (BM4) (NMC2 AOS versiones V6.9.6 y anteriores)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:network_management_card_2_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.9.8\",\"matchCriteriaId\":\"3B680F42-DA8E-4802-B156-8AB5DAE7FBBE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:galaxy_3500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CB0BD90-277B-4214-A0D2-0CFE156F3747\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:network_management_card_2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D955CFE-4142-4ED1-9C66-DF97421BF491\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:single-phase_symmetra:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B11F1E08-643E-4DAC-8D41-4D620F27919D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:smart-ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1355F2F4-72EF-4643-82DC-5F35FAA643EF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:network_management_card_2_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.9.6\",\"matchCriteriaId\":\"39AB64C8-1BA8-45E7-BDD0-D9280C05178B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:ap9922_battery_management_system:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5658510-1BDD-4AFE-946D-36FFAD91F15B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:apc_rack_power_distribution_units:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48B862C7-A8BD-4FF4-BBFE-70137B197471\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:galaxy_g7x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D367AAD0-542D-4D79-B346-759617A9F647\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:galaxy_g9kchu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E51763D6-14F4-4F83-8391-A5ECBC17B2D5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:galaxy_gcxsa:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9A1A88B-3B10-475C-AB0E-BD450F01B64C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:galaxy_gfc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A624A78-0441-443A-8E78-A2A554773BCB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:galaxy_gvmsa:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72CFF0A0-C4DA-44A5-8F55-ACD7041A14C5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:galaxy_gvmts:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26D837D0-11FD-404F-A0CB-70908DC44D80\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:galaxy_gvxts:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA8C2098-FF34-482B-AC83-8C94D244A890\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:galaxy_rpp_grppip2x84:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FB59B97-7253-429B-A637-051B86759F7C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:gutor_gvx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21051ECC-603F-4B1D-87E3-898418646133\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:gutor_sxw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98191379-455C-48E9-A37F-56255EEE9EEF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:netbotz_nbrk0250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C101890D-06AC-44DF-8AF5-FCAD321B3600\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:network_management_card_2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D955CFE-4142-4ED1-9C66-DF97421BF491\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pd40e5ek20-m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"591B287E-8957-456E-82B3-549D069B6CE2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pd40f6fk1-m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C20B242-175B-49C8-9662-47C9A7AE144F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pd40g6fk1-m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62A7198F-6652-4E3D-A601-C24C8FACEAE7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pd40h5ek20-m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40D386FD-741F-45C1-989B-DBF9335945E9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pd40l6fk1-m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8543ECA3-6AFB-4B08-9334-0272646F8DB8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pd60f6fk1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E315DD1-C867-4D48-B898-56E3DA304206\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pd60g6fk1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ED5EF3C-0CBF-41E1-A72A-E58C3AB8B90D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pd60l6fk1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1CC024F-31B2-4343-8AE4-400D6C3F53FD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pdpb150g6f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF4D8F03-27DD-4366-A89B-22CBD7C67D7A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pdpm138h-5u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3C628B3-0E90-4E4C-8801-9FAA95FBD0F8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pdpm138h-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16C3F7D6-6700-4D2E-A1BA-888B7E16D9A0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pdpm144f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0383E54-C675-4A3A-B100-D9C5AF03738C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pdpm150g6f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E080E19A-A326-4F44-A822-C94535239BFA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pdpm150l6f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE8584C8-31DD-49E4-8335-CEEB5FA5ECF5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pdpm175g6h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8681C6E-B21D-44F0-895E-CAED4F6989A7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pdpm277h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21974FF3-9F0C-4B9C-AD84-5D97FC72BA42\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pdpm288g6h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F22D1C0-7024-4D70-8CD6-322613C36045\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pdpm72f-5u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88134542-3217-469F-9958-3CE0BC9157F7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pdrppnx10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E2885AF-A708-47FF-B9F4-DA59B170A3F0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pdrppnx10m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A12242E-85FB-4079-90F9-B9DD61562753\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pmm400-ala:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74A567E2-E660-4647-862A-4411B44BC1E8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pmm400-alax:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2397DC2-AEF6-4801-99F7-671908F1121B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pmm400-cub:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F058F380-9F1C-469A-BE4D-CFE94A325937\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pmm500-ala:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08F98F3F-A700-4D3D-832A-0866BC406C99\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pmm500-alax:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D301B3D0-7DA7-4433-85F8-D0F6B0B2CB00\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:pmm500-cub:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6FDCF96-81B4-4E9D-842A-60BAF8FBD63E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:rack_automatic_transfer_switches:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"233D8B17-03A3-4E57-A96B-1A0FEC55E711\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:symmetra_px_100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F1F6A74-A959-4729-80A0-B4A8976271CF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:symmetra_px_160:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5FACD9F-9ECC-4AD4-B88A-DAB0C80DD746\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:symmetra_px_20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"454AAEB3-2752-41BD-A3F6-78515D3D30E2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:symmetra_px_250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"414089E6-4ECB-451B-8319-9BE9BFD1FCDA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:symmetra_px_40:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0264FD0E-57AF-46AF-8135-1EE8782B4854\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:symmetra_px_48:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D30C4D7-16D5-4426-8EB7-25F89F0417DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:symmetra_px_500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6837B93-F653-49BC-A931-4FC8E800BFB2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:symmetra_px_96:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C9AA6F1-7C6C-4A5B-85D4-31995EBF2567\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:network_management_card_3_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.4.2.1\",\"matchCriteriaId\":\"4BC92355-63D8-4472-84B6-6A012B1264D7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:galaxy_3500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CB0BD90-277B-4214-A0D2-0CFE156F3747\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:network_management_card_3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7D86A9F-1FAB-4355-B1D9-D43EA23575D4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:single-phase_symmetra:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B11F1E08-643E-4DAC-8D41-4D620F27919D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:smart-ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1355F2F4-72EF-4643-82DC-5F35FAA643EF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:network_management_card_3_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.4.0\",\"matchCriteriaId\":\"1F9C697A-21D3-4E53-9905-CF122EBA410A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:apc_rack_power_distribution_units:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48B862C7-A8BD-4FF4-BBFE-70137B197471\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:network_management_card_3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7D86A9F-1FAB-4355-B1D9-D43EA23575D4\"}]}]}],\"references\":[{\"url\":\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
}
}
GSD-2021-22811
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-22811",
"description": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)",
"id": "GSD-2021-22811"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-22811"
],
"details": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)",
"id": "GSD-2021-22811",
"modified": "2023-12-13T01:23:24.407108Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:network_management_card_2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.9.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_3500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:network_management_card_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:single-phase_symmetra:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:smart-ups:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:network_management_card_2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.9.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ap9922_battery_management_system:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:apc_rack_power_distribution_units:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_g7x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_g9kchu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_gcxsa:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_gfc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_gvmsa:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_gvmts:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_gvxts:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_rpp_grppip2x84:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:gutor_gvx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:gutor_sxw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:netbotz_nbrk0250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:network_management_card_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pd40e5ek20-m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pd40f6fk1-m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pd40g6fk1-m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pd40h5ek20-m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pd40l6fk1-m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pd60f6fk1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pd60g6fk1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pd60l6fk1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pdpb150g6f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pdpm138h-5u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pdpm138h-r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pdpm144f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pdpm150g6f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pdpm150l6f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pdpm175g6h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pdpm277h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pdpm288g6h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pdpm72f-5u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pdrppnx10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pdrppnx10m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pmm400-ala:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pmm400-alax:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pmm400-cub:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pmm500-ala:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pmm500-alax:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:pmm500-cub:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:rack_automatic_transfer_switches:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:symmetra_px_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:symmetra_px_160:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:symmetra_px_20:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:symmetra_px_250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:symmetra_px_40:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:symmetra_px_48:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:symmetra_px_500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:symmetra_px_96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:network_management_card_3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.4.2.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:galaxy_3500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:network_management_card_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:single-phase_symmetra:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:smart-ups:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:network_management_card_3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:apc_rack_power_distribution_units:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:network_management_card_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22811"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03",
"refsource": "MISC",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2022-02-04T15:42Z",
"publishedDate": "2022-01-28T20:15Z"
}
}
}
ICSA-21-313-01
Vulnerability from csaf_cisa - Published: 2021-11-09 00:00 - Updated: 2021-11-09 00:00Summary
Schneider Electric NMC cards and Embedded Devices
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities may allow data disclosure or cross-site scripting, which could result in an execution of malicious web code or a loss of device functionality.
Critical infrastructure sectors
Energy
Countries/areas deployed
Worldwide
Company headquarters location
France
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"names": [
"Andrea Palanca"
],
"organization": "Nozomi Networks",
"summary": "reporting these vulnerabilities"
},
{
"names": [
"Chua Wei Kiat",
"Thanh Nguyen"
],
"organization": "Fortinet\u0027s FortiGuard Labs",
"summary": "reporting these vulnerabilities"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities may allow data disclosure or cross-site scripting, which could result in an execution of malicious web code or a loss of device functionality.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Energy",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "France",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-313-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-313-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-313-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-313-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Schneider Electric NMC cards and Embedded Devices",
"tracking": {
"current_release_date": "2021-11-09T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-313-01",
"initial_release_date": "2021-11-09T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-11-09T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-313-01 Schneider NMC Cards and Embedded Devices"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "NMC2 \u003c= 6.9.6",
"product": {
"name": "APC 3-Phase Power Distribution Products using NMC2: NMC2 AOS v6.9.6 and prior",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "APC 3-Phase Power Distribution Products using NMC2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "NMC2 \u003c= 6.9.6",
"product": {
"name": "Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): NMC2 AOS v6.9.6 and prior",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "NMC2 \u003c= 6.9.6",
"product": {
"name": "Network Management Card 2 for Modular 150/175kVA PDU (XRDP): NMC2 AOS v6.9.6 and prior",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Network Management Card 2 for Modular 150/175kVA PDU (XRDP)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "NMC2 \u003c= 6.9.6",
"product": {
"name": "3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2) Symmetra PX 20/40 kW UPS (SY3P) Gutor (SXW GVX) and Galaxy (GVMTS GVMSA GVXTS GVXSA G7K GFC G9KCHU): NMC2 AOS v6.9.6 and prior",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2) Symmetra PX 20/40 kW UPS (SY3P) Gutor (SXW GVX) and Galaxy (GVMTS GVMSA GVXTS GVXSA G7K GFC G9KCHU)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "NMC3 \u003c= 1.4.2.1",
"product": {
"name": "1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS Symmetra and Galaxy 3500 with Network Management Card 3 (NMC3): NMC3 AOS v1.4.2.1 and prior",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS Symmetra and Galaxy 3500 with Network Management Card 3 (NMC3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "NMC2 \u003c= 6.9.6",
"product": {
"name": "3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): NMC2 AOS v6.9.6 and prior",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "NMC2 \u003c= 6.9.6",
"product": {
"name": "Network Management Card 2 (NMC2) AP9922 Battery Management System (BM4): NMC2 AOS v6.9.6 and prior",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "Network Management Card 2 (NMC2) AP9922 Battery Management System (BM4)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "NMC2 \u003c= 6.9.8",
"product": {
"name": "1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS Symmetra and Galaxy 3500 with Network Management Card 2 (NMC2): NMC2 AOS v6.9.8 and prior",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS Symmetra and Galaxy 3500 with Network Management Card 2 (NMC2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "NMC2 \u003c= 6.9.6",
"product": {
"name": "Rack Automatic Transfer Switches (ATS): NMC2 AOS v6.9.6 and prior",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "Rack Automatic Transfer Switches (ATS)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "NMC2 \u003c= 6.9.6",
"product": {
"name": "Network Management Card 2 for Modular PDU (XRDP2G): NMC2 AOS v6.9.6 and prior",
"product_id": "CSAFPID-00010"
}
}
],
"category": "product_name",
"name": "Network Management Card 2 for Modular PDU (XRDP2G)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "NMC2 \u003c= 6.9.6",
"product": {
"name": "Network Management Card 2 (NMC2) Cooling Products: NMC2 AOS v6.9.6 and prior",
"product_id": "CSAFPID-00011"
}
}
],
"category": "product_name",
"name": "Network Management Card 2 (NMC2) Cooling Products"
},
{
"branches": [
{
"category": "product_version_range",
"name": "NMC3 \u003c= 1.4.0",
"product": {
"name": "APC Rack Power Distribution Units (PDU) using NMC3: NMC3 AOS v1.4.0 and prior",
"product_id": "CSAFPID-00012"
}
}
],
"category": "product_name",
"name": "APC Rack Power Distribution Units (PDU) using NMC3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "NMC2 \u003c= 6.9.6",
"product": {
"name": "Environmental Monitoring Unit with embedded NMC2 (NB250) NetBotz NBRK0250: NMC2 AOS v6.9.6 and prior",
"product_id": "CSAFPID-00013"
}
}
],
"category": "product_name",
"name": "Environmental Monitoring Unit with embedded NMC2 (NB250) NetBotz NBRK0250"
},
{
"branches": [
{
"category": "product_version_range",
"name": "NMC2 \u003c= 6.9.6",
"product": {
"name": "APC Rack Power Distribution Units (PDU) using NMC2: NMC2 AOS v6.9.6 and prior",
"product_id": "CSAFPID-00014"
}
}
],
"category": "product_name",
"name": "APC Rack Power Distribution Units (PDU) using NMC2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "NMC2 \u003c= 6.9.6",
"product": {
"name": "Network Management Card 2 for 400 and 500 kVA (PMM): NMC2 AOS v6.9.6 and prior",
"product_id": "CSAFPID-00015"
}
}
],
"category": "product_name",
"name": "Network Management Card 2 for 400 and 500 kVA (PMM)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "NMC2 \u003c= 6.9.6",
"product": {
"name": "Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU): NMC2 AOS v6.9.6 and prior",
"product_id": "CSAFPID-00016"
}
}
],
"category": "product_name",
"name": "Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU)"
}
],
"category": "vendor",
"name": "Schneider Electric Software, LLC"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-22810",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file.CVE-2021-22810 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22810"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "1-Phase Uninterruptible Power Supply (UPS) using NMC2: Update to v7.04 or later. ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/shop/in/en/products/UPS-Network-Management-Card-v7-0-4-Firmware-for-Smart-UPS-Galaxy-3500-with-AP9630-31-35/P-SFSUMX704"
},
{
"category": "mitigation",
"details": "SUMX (SmartUPS \u0026 Galaxy 3500)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/shop/in/en/products/UPS-Network-Management-Card-v7-0-4-Firmware-for-Smart-UPS-Galaxy-3500-with-AP9630-31-35/P-SFSUMX704"
},
{
"category": "mitigation",
"details": "SY (Single Phase Symmetra)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/shop/in/en/products/UPS-Network-Management-Card-v7-0-4-Firmware-for-Symmetra-1-Phase-with-AP9630-31-35/P-SFSY704"
},
{
"category": "mitigation",
"details": "SUMX \u0026 SY Release notes",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_File_Name=990-3403Z-EN.pdf\u0026p_Doc_Ref=SPD_ARAJ-9TN74X_EN\u0026p_enDocType=User+guide"
},
{
"category": "mitigation",
"details": "3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2) (See SEVD-2021-313-03 on what specific models are mitigated): Update to v7.0.4 or later of the NMC2 SYPX application. Contact a Schneider Electric support team for SYPX application upgrade.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
},
{
"category": "mitigation",
"details": "Update to v7.0.4 or later of the NMC2 SYPX application. Contact a Schneider Electric support team for SYPX application upgrade.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "mitigation",
"details": "1-Phase Uninterruptible Power Supply (UPS) using NMC3: Update to v1.5 or later of the NMC3 SU and SY applications",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SU_1511_EN/"
},
{
"category": "mitigation",
"details": "SUMX (SmartUPS \u0026 Galaxy 3500)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SU_1511_EN/"
},
{
"category": "mitigation",
"details": "SY (Single Phase Symmetra)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SY_1511_EN/"
},
{
"category": "mitigation",
"details": "Release notes",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-SURELNOTE_EN\u0026p_enDocType=User+guide\u0026p_File_Name=990-6322E-EN.pdf"
},
{
"category": "mitigation",
"details": "APC Rack Power Distribution Units (PDU) using NMC2: Update to v7.0.6 or later of the NMC2 RPDU2G application.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Firmware\u0026p_Doc_Ref=APC_RPDU2G_706_EN\u0026p_File_Name=apc_hw05_aos704_rpdu2g706_bootmon109.exe"
},
{
"category": "mitigation",
"details": "RPDU2G (direct download)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Firmware\u0026p_Doc_Ref=APC_RPDU2G_706_EN\u0026p_File_Name=apc_hw05_aos704_rpdu2g706_bootmon109.exe"
},
{
"category": "mitigation",
"details": "APC 3-Phase Power Distribution Products using NMC2: Update to v7.0.4 or later of the NMC2 RPP application.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/uk/en/download/document/APC_RPP_704_EN/"
},
{
"category": "mitigation",
"details": "Galaxy RPP",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/uk/en/download/document/APC_RPP_704_EN/"
},
{
"category": "mitigation",
"details": "Network Management Card 2 (NMC2) Cooling Products (See SEVD-2021-313-03 on what specific series are mitigated): Update to v7.0.4 or later of the NMC2 of the cooling applications. Contact a Schneider Electric support team for upgrades.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
},
{
"category": "mitigation",
"details": "For the products not listed above, Schneider Electric is in the process of establishing a remediation plan for affected NMC2 and NMC3 offers. ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "NMC users should not trust links provided from sources that have not been verified as authentic.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Ensure the workstation where the browser is being used is secured.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "If a debug.tar file is generated via Web or CLI, ensure it is deleted after retrieval.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Never connect programming software to any network other than the network for the devices that it is intended for.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Minimize network exposure for all control system devices and systems and ensure they are not accessible from the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
}
]
},
{
"cve": "CVE-2021-22811",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted.CVE-2021-22811 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22811"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "1-Phase Uninterruptible Power Supply (UPS) using NMC2: Update to v7.04 or later. ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/shop/in/en/products/UPS-Network-Management-Card-v7-0-4-Firmware-for-Smart-UPS-Galaxy-3500-with-AP9630-31-35/P-SFSUMX704"
},
{
"category": "mitigation",
"details": "SUMX (SmartUPS \u0026 Galaxy 3500)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/shop/in/en/products/UPS-Network-Management-Card-v7-0-4-Firmware-for-Smart-UPS-Galaxy-3500-with-AP9630-31-35/P-SFSUMX704"
},
{
"category": "mitigation",
"details": "SY (Single Phase Symmetra)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/shop/in/en/products/UPS-Network-Management-Card-v7-0-4-Firmware-for-Symmetra-1-Phase-with-AP9630-31-35/P-SFSY704"
},
{
"category": "mitigation",
"details": "SUMX \u0026 SY Release notes",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_File_Name=990-3403Z-EN.pdf\u0026p_Doc_Ref=SPD_ARAJ-9TN74X_EN\u0026p_enDocType=User+guide"
},
{
"category": "mitigation",
"details": "3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2) (See SEVD-2021-313-03 on what specific models are mitigated): Update to v7.0.4 or later of the NMC2 SYPX application. Contact a Schneider Electric support team for SYPX application upgrade.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
},
{
"category": "mitigation",
"details": "Update to v7.0.4 or later of the NMC2 SYPX application. Contact a Schneider Electric support team for SYPX application upgrade.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "mitigation",
"details": "1-Phase Uninterruptible Power Supply (UPS) using NMC3: Update to v1.5 or later of the NMC3 SU and SY applications",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SU_1511_EN/"
},
{
"category": "mitigation",
"details": "SUMX (SmartUPS \u0026 Galaxy 3500)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SU_1511_EN/"
},
{
"category": "mitigation",
"details": "SY (Single Phase Symmetra)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SY_1511_EN/"
},
{
"category": "mitigation",
"details": "Release notes",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-SURELNOTE_EN\u0026p_enDocType=User+guide\u0026p_File_Name=990-6322E-EN.pdf"
},
{
"category": "mitigation",
"details": "APC Rack Power Distribution Units (PDU) using NMC2: Update to v7.0.6 or later of the NMC2 RPDU2G application.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Firmware\u0026p_Doc_Ref=APC_RPDU2G_706_EN\u0026p_File_Name=apc_hw05_aos704_rpdu2g706_bootmon109.exe"
},
{
"category": "mitigation",
"details": "RPDU2G (direct download)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Firmware\u0026p_Doc_Ref=APC_RPDU2G_706_EN\u0026p_File_Name=apc_hw05_aos704_rpdu2g706_bootmon109.exe"
},
{
"category": "mitigation",
"details": "APC 3-Phase Power Distribution Products using NMC2: Update to v7.0.4 or later of the NMC2 RPP application.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/uk/en/download/document/APC_RPP_704_EN/"
},
{
"category": "mitigation",
"details": "Galaxy RPP",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/uk/en/download/document/APC_RPP_704_EN/"
},
{
"category": "mitigation",
"details": "Network Management Card 2 (NMC2) Cooling Products (See SEVD-2021-313-03 on what specific series are mitigated): Update to v7.0.4 or later of the NMC2 of the cooling applications. Contact a Schneider Electric support team for upgrades.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
},
{
"category": "mitigation",
"details": "For the products not listed above, Schneider Electric is in the process of establishing a remediation plan for affected NMC2 and NMC3 offers. ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "NMC users should not trust links provided from sources that have not been verified as authentic.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Ensure the workstation where the browser is being used is secured.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "If a debug.tar file is generated via Web or CLI, ensure it is deleted after retrieval.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Never connect programming software to any network other than the network for the devices that it is intended for.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Minimize network exposure for all control system devices and systems and ensure they are not accessible from the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
}
]
},
{
"cve": "CVE-2021-22812",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC.CVE-2021-22812 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22812"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "1-Phase Uninterruptible Power Supply (UPS) using NMC2: Update to v7.04 or later. ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/shop/in/en/products/UPS-Network-Management-Card-v7-0-4-Firmware-for-Smart-UPS-Galaxy-3500-with-AP9630-31-35/P-SFSUMX704"
},
{
"category": "mitigation",
"details": "SUMX (SmartUPS \u0026 Galaxy 3500)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/shop/in/en/products/UPS-Network-Management-Card-v7-0-4-Firmware-for-Smart-UPS-Galaxy-3500-with-AP9630-31-35/P-SFSUMX704"
},
{
"category": "mitigation",
"details": "SY (Single Phase Symmetra)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/shop/in/en/products/UPS-Network-Management-Card-v7-0-4-Firmware-for-Symmetra-1-Phase-with-AP9630-31-35/P-SFSY704"
},
{
"category": "mitigation",
"details": "SUMX \u0026 SY Release notes",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_File_Name=990-3403Z-EN.pdf\u0026p_Doc_Ref=SPD_ARAJ-9TN74X_EN\u0026p_enDocType=User+guide"
},
{
"category": "mitigation",
"details": "3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2) (See SEVD-2021-313-03 on what specific models are mitigated): Update to v7.0.4 or later of the NMC2 SYPX application. Contact a Schneider Electric support team for SYPX application upgrade.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
},
{
"category": "mitigation",
"details": "Update to v7.0.4 or later of the NMC2 SYPX application. Contact a Schneider Electric support team for SYPX application upgrade.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "mitigation",
"details": "1-Phase Uninterruptible Power Supply (UPS) using NMC3: Update to v1.5 or later of the NMC3 SU and SY applications",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SU_1511_EN/"
},
{
"category": "mitigation",
"details": "SUMX (SmartUPS \u0026 Galaxy 3500)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SU_1511_EN/"
},
{
"category": "mitigation",
"details": "SY (Single Phase Symmetra)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SY_1511_EN/"
},
{
"category": "mitigation",
"details": "Release notes",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-SURELNOTE_EN\u0026p_enDocType=User+guide\u0026p_File_Name=990-6322E-EN.pdf"
},
{
"category": "mitigation",
"details": "APC Rack Power Distribution Units (PDU) using NMC2: Update to v7.0.6 or later of the NMC2 RPDU2G application.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Firmware\u0026p_Doc_Ref=APC_RPDU2G_706_EN\u0026p_File_Name=apc_hw05_aos704_rpdu2g706_bootmon109.exe"
},
{
"category": "mitigation",
"details": "RPDU2G (direct download)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Firmware\u0026p_Doc_Ref=APC_RPDU2G_706_EN\u0026p_File_Name=apc_hw05_aos704_rpdu2g706_bootmon109.exe"
},
{
"category": "mitigation",
"details": "APC 3-Phase Power Distribution Products using NMC2: Update to v7.0.4 or later of the NMC2 RPP application.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/uk/en/download/document/APC_RPP_704_EN/"
},
{
"category": "mitigation",
"details": "Galaxy RPP",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/uk/en/download/document/APC_RPP_704_EN/"
},
{
"category": "mitigation",
"details": "Network Management Card 2 (NMC2) Cooling Products (See SEVD-2021-313-03 on what specific series are mitigated): Update to v7.0.4 or later of the NMC2 of the cooling applications. Contact a Schneider Electric support team for upgrades.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
},
{
"category": "mitigation",
"details": "For the products not listed above, Schneider Electric is in the process of establishing a remediation plan for affected NMC2 and NMC3 offers. ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "NMC users should not trust links provided from sources that have not been verified as authentic.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Ensure the workstation where the browser is being used is secured.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "If a debug.tar file is generated via Web or CLI, ensure it is deleted after retrieval.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Never connect programming software to any network other than the network for the devices that it is intended for.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Minimize network exposure for all control system devices and systems and ensure they are not accessible from the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
}
]
},
{
"cve": "CVE-2021-22813",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file.CVE-2021-22813 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22813"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "1-Phase Uninterruptible Power Supply (UPS) using NMC2: Update to v7.04 or later. ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/shop/in/en/products/UPS-Network-Management-Card-v7-0-4-Firmware-for-Smart-UPS-Galaxy-3500-with-AP9630-31-35/P-SFSUMX704"
},
{
"category": "mitigation",
"details": "SUMX (SmartUPS \u0026 Galaxy 3500)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/shop/in/en/products/UPS-Network-Management-Card-v7-0-4-Firmware-for-Smart-UPS-Galaxy-3500-with-AP9630-31-35/P-SFSUMX704"
},
{
"category": "mitigation",
"details": "SY (Single Phase Symmetra)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/shop/in/en/products/UPS-Network-Management-Card-v7-0-4-Firmware-for-Symmetra-1-Phase-with-AP9630-31-35/P-SFSY704"
},
{
"category": "mitigation",
"details": "SUMX \u0026 SY Release notes",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_File_Name=990-3403Z-EN.pdf\u0026p_Doc_Ref=SPD_ARAJ-9TN74X_EN\u0026p_enDocType=User+guide"
},
{
"category": "mitigation",
"details": "3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2) (See SEVD-2021-313-03 on what specific models are mitigated): Update to v7.0.4 or later of the NMC2 SYPX application. Contact a Schneider Electric support team for SYPX application upgrade.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
},
{
"category": "mitigation",
"details": "Update to v7.0.4 or later of the NMC2 SYPX application. Contact a Schneider Electric support team for SYPX application upgrade.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "mitigation",
"details": "1-Phase Uninterruptible Power Supply (UPS) using NMC3: Update to v1.5 or later of the NMC3 SU and SY applications",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SU_1511_EN/"
},
{
"category": "mitigation",
"details": "SUMX (SmartUPS \u0026 Galaxy 3500)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SU_1511_EN/"
},
{
"category": "mitigation",
"details": "SY (Single Phase Symmetra)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SY_1511_EN/"
},
{
"category": "mitigation",
"details": "Release notes",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-SURELNOTE_EN\u0026p_enDocType=User+guide\u0026p_File_Name=990-6322E-EN.pdf"
},
{
"category": "mitigation",
"details": "APC Rack Power Distribution Units (PDU) using NMC2: Update to v7.0.6 or later of the NMC2 RPDU2G application.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Firmware\u0026p_Doc_Ref=APC_RPDU2G_706_EN\u0026p_File_Name=apc_hw05_aos704_rpdu2g706_bootmon109.exe"
},
{
"category": "mitigation",
"details": "RPDU2G (direct download)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Firmware\u0026p_Doc_Ref=APC_RPDU2G_706_EN\u0026p_File_Name=apc_hw05_aos704_rpdu2g706_bootmon109.exe"
},
{
"category": "mitigation",
"details": "APC 3-Phase Power Distribution Products using NMC2: Update to v7.0.4 or later of the NMC2 RPP application.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/uk/en/download/document/APC_RPP_704_EN/"
},
{
"category": "mitigation",
"details": "Galaxy RPP",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/uk/en/download/document/APC_RPP_704_EN/"
},
{
"category": "mitigation",
"details": "Network Management Card 2 (NMC2) Cooling Products (See SEVD-2021-313-03 on what specific series are mitigated): Update to v7.0.4 or later of the NMC2 of the cooling applications. Contact a Schneider Electric support team for upgrades.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
},
{
"category": "mitigation",
"details": "For the products not listed above, Schneider Electric is in the process of establishing a remediation plan for affected NMC2 and NMC3 offers. ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "NMC users should not trust links provided from sources that have not been verified as authentic.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Ensure the workstation where the browser is being used is secured.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "If a debug.tar file is generated via Web or CLI, ensure it is deleted after retrieval.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Never connect programming software to any network other than the network for the devices that it is intended for.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Minimize network exposure for all control system devices and systems and ensure they are not accessible from the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
}
]
},
{
"cve": "CVE-2021-22814",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability could cause arbitrary script execution when a malicious file is read and displayed.CVE-2021-22814 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22814"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "1-Phase Uninterruptible Power Supply (UPS) using NMC2: Update to v7.04 or later. ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/shop/in/en/products/UPS-Network-Management-Card-v7-0-4-Firmware-for-Smart-UPS-Galaxy-3500-with-AP9630-31-35/P-SFSUMX704"
},
{
"category": "mitigation",
"details": "SUMX (SmartUPS \u0026 Galaxy 3500)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/shop/in/en/products/UPS-Network-Management-Card-v7-0-4-Firmware-for-Smart-UPS-Galaxy-3500-with-AP9630-31-35/P-SFSUMX704"
},
{
"category": "mitigation",
"details": "SY (Single Phase Symmetra)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/shop/in/en/products/UPS-Network-Management-Card-v7-0-4-Firmware-for-Symmetra-1-Phase-with-AP9630-31-35/P-SFSY704"
},
{
"category": "mitigation",
"details": "SUMX \u0026 SY Release notes",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_File_Name=990-3403Z-EN.pdf\u0026p_Doc_Ref=SPD_ARAJ-9TN74X_EN\u0026p_enDocType=User+guide"
},
{
"category": "mitigation",
"details": "3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2) (See SEVD-2021-313-03 on what specific models are mitigated): Update to v7.0.4 or later of the NMC2 SYPX application. Contact a Schneider Electric support team for SYPX application upgrade.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
},
{
"category": "mitigation",
"details": "Update to v7.0.4 or later of the NMC2 SYPX application. Contact a Schneider Electric support team for SYPX application upgrade.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "mitigation",
"details": "1-Phase Uninterruptible Power Supply (UPS) using NMC3: Update to v1.5 or later of the NMC3 SU and SY applications",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SU_1511_EN/"
},
{
"category": "mitigation",
"details": "SUMX (SmartUPS \u0026 Galaxy 3500)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SU_1511_EN/"
},
{
"category": "mitigation",
"details": "SY (Single Phase Symmetra)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SY_1511_EN/"
},
{
"category": "mitigation",
"details": "Release notes",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-SURELNOTE_EN\u0026p_enDocType=User+guide\u0026p_File_Name=990-6322E-EN.pdf"
},
{
"category": "mitigation",
"details": "APC Rack Power Distribution Units (PDU) using NMC2: Update to v7.0.6 or later of the NMC2 RPDU2G application.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Firmware\u0026p_Doc_Ref=APC_RPDU2G_706_EN\u0026p_File_Name=apc_hw05_aos704_rpdu2g706_bootmon109.exe"
},
{
"category": "mitigation",
"details": "RPDU2G (direct download)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Firmware\u0026p_Doc_Ref=APC_RPDU2G_706_EN\u0026p_File_Name=apc_hw05_aos704_rpdu2g706_bootmon109.exe"
},
{
"category": "mitigation",
"details": "APC 3-Phase Power Distribution Products using NMC2: Update to v7.0.4 or later of the NMC2 RPP application.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/uk/en/download/document/APC_RPP_704_EN/"
},
{
"category": "mitigation",
"details": "Galaxy RPP",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/uk/en/download/document/APC_RPP_704_EN/"
},
{
"category": "mitigation",
"details": "Network Management Card 2 (NMC2) Cooling Products (See SEVD-2021-313-03 on what specific series are mitigated): Update to v7.0.4 or later of the NMC2 of the cooling applications. Contact a Schneider Electric support team for upgrades.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
},
{
"category": "mitigation",
"details": "For the products not listed above, Schneider Electric is in the process of establishing a remediation plan for affected NMC2 and NMC3 offers. ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "NMC users should not trust links provided from sources that have not been verified as authentic.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Ensure the workstation where the browser is being used is secured.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "If a debug.tar file is generated via Web or CLI, ensure it is deleted after retrieval.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Never connect programming software to any network other than the network for the devices that it is intended for.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Minimize network exposure for all control system devices and systems and ensure they are not accessible from the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
}
]
},
{
"cve": "CVE-2021-22815",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability could allow the troubleshooting archive to be accessed.CVE-2021-22815 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22815"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "1-Phase Uninterruptible Power Supply (UPS) using NMC2: Update to v7.04 or later. ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/shop/in/en/products/UPS-Network-Management-Card-v7-0-4-Firmware-for-Smart-UPS-Galaxy-3500-with-AP9630-31-35/P-SFSUMX704"
},
{
"category": "mitigation",
"details": "SUMX (SmartUPS \u0026 Galaxy 3500)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/shop/in/en/products/UPS-Network-Management-Card-v7-0-4-Firmware-for-Smart-UPS-Galaxy-3500-with-AP9630-31-35/P-SFSUMX704"
},
{
"category": "mitigation",
"details": "SY (Single Phase Symmetra)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/shop/in/en/products/UPS-Network-Management-Card-v7-0-4-Firmware-for-Symmetra-1-Phase-with-AP9630-31-35/P-SFSY704"
},
{
"category": "mitigation",
"details": "SUMX \u0026 SY Release notes",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_File_Name=990-3403Z-EN.pdf\u0026p_Doc_Ref=SPD_ARAJ-9TN74X_EN\u0026p_enDocType=User+guide"
},
{
"category": "mitigation",
"details": "3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2) (See SEVD-2021-313-03 on what specific models are mitigated): Update to v7.0.4 or later of the NMC2 SYPX application. Contact a Schneider Electric support team for SYPX application upgrade.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
},
{
"category": "mitigation",
"details": "Update to v7.0.4 or later of the NMC2 SYPX application. Contact a Schneider Electric support team for SYPX application upgrade.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "mitigation",
"details": "1-Phase Uninterruptible Power Supply (UPS) using NMC3: Update to v1.5 or later of the NMC3 SU and SY applications",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SU_1511_EN/"
},
{
"category": "mitigation",
"details": "SUMX (SmartUPS \u0026 Galaxy 3500)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SU_1511_EN/"
},
{
"category": "mitigation",
"details": "SY (Single Phase Symmetra)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SY_1511_EN/"
},
{
"category": "mitigation",
"details": "Release notes",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-SURELNOTE_EN\u0026p_enDocType=User+guide\u0026p_File_Name=990-6322E-EN.pdf"
},
{
"category": "mitigation",
"details": "APC Rack Power Distribution Units (PDU) using NMC2: Update to v7.0.6 or later of the NMC2 RPDU2G application.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Firmware\u0026p_Doc_Ref=APC_RPDU2G_706_EN\u0026p_File_Name=apc_hw05_aos704_rpdu2g706_bootmon109.exe"
},
{
"category": "mitigation",
"details": "RPDU2G (direct download)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Firmware\u0026p_Doc_Ref=APC_RPDU2G_706_EN\u0026p_File_Name=apc_hw05_aos704_rpdu2g706_bootmon109.exe"
},
{
"category": "mitigation",
"details": "APC 3-Phase Power Distribution Products using NMC2: Update to v7.0.4 or later of the NMC2 RPP application.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/uk/en/download/document/APC_RPP_704_EN/"
},
{
"category": "mitigation",
"details": "Galaxy RPP",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://www.se.com/uk/en/download/document/APC_RPP_704_EN/"
},
{
"category": "mitigation",
"details": "Network Management Card 2 (NMC2) Cooling Products (See SEVD-2021-313-03 on what specific series are mitigated): Update to v7.0.4 or later of the NMC2 of the cooling applications. Contact a Schneider Electric support team for upgrades.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
},
{
"category": "mitigation",
"details": "For the products not listed above, Schneider Electric is in the process of establishing a remediation plan for affected NMC2 and NMC3 offers. ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "NMC users should not trust links provided from sources that have not been verified as authentic.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Ensure the workstation where the browser is being used is secured.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "If a debug.tar file is generated via Web or CLI, ensure it is deleted after retrieval.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Never connect programming software to any network other than the network for the devices that it is intended for.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "Minimize network exposure for all control system devices and systems and ensure they are not accessible from the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
},
{
"category": "mitigation",
"details": "When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016"
]
}
]
}
]
}
GHSA-CRGX-28X2-6M7Q
Vulnerability from github – Published: 2022-01-29 00:00 – Updated: 2022-02-05 00:01
VLAI?
Details
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)
{
"affected": [],
"aliases": [
"CVE-2021-22811"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-28T20:15:00Z",
"severity": "MODERATE"
},
"details": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)",
"id": "GHSA-crgx-28x2-6m7q",
"modified": "2022-02-05T00:01:10Z",
"published": "2022-01-29T00:00:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22811"
},
{
"type": "WEB",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
}
],
"schema_version": "1.4.0",
"severity": []
}
CVE-2021-22811
Vulnerability from csaf_se - Published: 2021-11-09 06:30 - Updated: 2022-05-10 00:00Summary
APC by Schneider Electric Network Management Cards (NMC) and NMC Embedded Devices
Notes
General Security Recommendations
We strongly recommend the following industry cybersecurity best practices.
https://www.se.com/us/en/download/document/7EN52-0390/
* Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.
* Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.
* Place all controllers in locked cabinets and never leave them in the “Program” mode.
* Never connect programming software to any network other than the network intended for that device.
* Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.
* Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.
* Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.
* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.
For more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document.
For More Information
This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process.
For further information related to cybersecurity in Schneider Electric’s products, visit the company’s cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp
LEGAL DISCLAIMER
THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS “NOTIFICATION”) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN “AS-IS” BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION
About Schneider Electric
At Schneider, we believe access to energy and digital is a basic human right. We empower all to do more with less, ensuring Life Is On everywhere, for everyone, at every moment.
We provide energy and automation digital solutions for efficiency and sustainability. We combine world-leading energy technologies, real-time automation, software and services into integrated solutions for Homes, Buildings, Data Centers, Infrastructure and Industries.
We are committed to unleash the infinite possibilities of an open, global, innovative community that is passionate with our Meaningful Purpose, Inclusive and Empowered values.
www.se.com
Overview
Schneider Electric is aware of multiple vulnerabilities in its products that use the Network Management Card 2 (NMC2), Network Management Card 3 (NMC3), and the NMC embedded devices.
The NMC2 and the NMC3 cards and embedded devices allow for secure monitoring and control of APC by Schneider Electric products.
Failure to apply the mitigations provided below may risk potential data disclosure or cross-site scripting which could result in execution of malicious web code or loss of device functionality.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "We strongly recommend the following industry cybersecurity best practices.\n\nhttps://www.se.com/us/en/download/document/7EN52-0390/\n* Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.\n* Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.\n* Place all controllers in locked cabinets and never leave them in the \u201cProgram\u201d mode.\n* Never connect programming software to any network other than the network intended for that device.\n* Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.\n* Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.\n* Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.\n* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.\nFor more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document. \n",
"title": "General Security Recommendations"
},
{
"category": "general",
"text": "This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process.\nFor further information related to cybersecurity in Schneider Electric\u2019s products, visit the company\u2019s cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp",
"title": "For More Information"
},
{
"category": "legal_disclaimer",
"text": "THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS \u201cNOTIFICATION\u201d) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN \u201cAS-IS\u201d BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION",
"title": "LEGAL DISCLAIMER"
},
{
"category": "general",
"text": "At Schneider, we believe access to energy and digital is a basic human right. We empower all to do more with less, ensuring Life Is On everywhere, for everyone, at every moment.\n\nWe provide energy and automation digital solutions for efficiency and sustainability. We combine world-leading energy technologies, real-time automation, software and services into integrated solutions for Homes, Buildings, Data Centers, Infrastructure and Industries.\n\nWe are committed to unleash the infinite possibilities of an open, global, innovative community that is passionate with our Meaningful Purpose, Inclusive and Empowered values.\n\nwww.se.com ",
"title": "About Schneider Electric"
},
{
"category": "summary",
"text": "Schneider Electric is aware of multiple vulnerabilities in its products that use the Network Management Card 2 (NMC2), Network Management Card 3 (NMC3), and the NMC embedded devices.\nThe NMC2 and the NMC3 cards and embedded devices allow for secure monitoring and control of APC by Schneider Electric products.\nFailure to apply the mitigations provided below may risk potential data disclosure or cross-site scripting which could result in execution of malicious web code or loss of device functionality.",
"title": "Overview"
}
],
"publisher": {
"category": "vendor",
"contact_details": "cybersecurity@se.com",
"name": "Schneider Electric CPCERT",
"namespace": "https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp"
},
"references": [
{
"category": "self",
"summary": "APC by Schneider Electric Network Management Cards (NMC) and NMC Embedded Devices - SEVD-2021-313-03 CSAF Version",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2021-313-03.json"
},
{
"category": "self",
"summary": "APC by Schneider Electric Network Management Cards (NMC) and NMC Embedded Devices - SEVD-2021-313-03 PDF Version",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-03_APC_NMC_Security_Notification_V2.0.pdf"
},
{
"category": "external",
"summary": "Recommended Cybersecurity Best Practices",
"url": "https://www.se.com/us/en/download/document/7EN52-0390/"
}
],
"title": "APC by Schneider Electric Network Management Cards (NMC) and NMC Embedded Devices",
"tracking": {
"current_release_date": "2022-05-10T00:00:00.00Z",
"generator": {
"date": "2022-05-10T00:00:00.00Z",
"engine": {
"name": "Schneider Electric CSAF Generator",
"version": "1.2"
}
},
"id": "SEVD-2021-313-03",
"initial_release_date": "2021-11-09T06:30:00.000Z",
"revision_history": [
{
"date": "2021-11-09T06:30:00.000Z",
"number": "1",
"summary": "Original Release"
},
{
"date": "2022-05-10T00:00:00.00Z",
"number": "2",
"summary": "Remediations added for remaining affected products: APC Power Distribution products, Cooling products, Environmental Monitoring products, and Battery Management products."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.8",
"product": {
"name": "Schneider Electric 1-Phase Uninterruptible Power Supply (UPS) using NMC2 Smart-UPS Network Management Card 2 AOS version 6.9.8 and prior",
"product_id": "1",
"product_identification_helper": {
"model_numbers": [
"AP9630CH",
"AP9630J",
"AP9630",
"AP9631",
"AP9631CH",
"AP9631J",
"AP9635",
"AP963J"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric 1-Phase Uninterruptible Power Supply (UPS) using NMC2 Smart-UPS Network Management Card 2 AOS version 7.0.4 and later",
"product_id": "2"
}
}
],
"category": "host_name",
"name": "Network Management Card 2 AOS"
}
],
"category": "product_name",
"name": "Smart-UPS"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.8",
"product": {
"name": "Schneider Electric 1-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra Network Management Card 2 AOS version 6.9.8 and prior",
"product_id": "3",
"product_identification_helper": {
"model_numbers": [
"AP9630CH",
"AP9630J",
"AP9630",
"AP9631",
"AP9631CH",
"AP9631J",
"AP9635",
"AP963J"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric 1-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra Network Management Card 2 AOS version 7.0.4 and later",
"product_id": "4"
}
}
],
"category": "host_name",
"name": "Network Management Card 2 AOS"
}
],
"category": "product_name",
"name": "Symmetra"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.8",
"product": {
"name": "Schneider Electric 1-Phase Uninterruptible Power Supply (UPS) using NMC2 Galaxy 3500 Network Management Card 2 AOS version 6.9.8 and prior",
"product_id": "5",
"product_identification_helper": {
"model_numbers": [
"AP9630CH",
"AP9630J",
"AP9630",
"AP9631",
"AP9631CH",
"AP9631J",
"AP9635",
"AP963J"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric 1-Phase Uninterruptible Power Supply (UPS) using NMC2 Galaxy 3500 Network Management Card 2 AOS version 7.0.4 and later",
"product_id": "6"
}
}
],
"category": "host_name",
"name": "Network Management Card 2 AOS"
}
],
"category": "product_name",
"name": "Galaxy 3500"
}
],
"category": "product_family",
"name": "1-Phase Uninterruptible Power Supply (UPS) using NMC2"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra PX 250 (SYPX) Network Management Card 2 AOS version 6.9.6 and prior",
"product_id": "7",
"product_identification_helper": {
"model_numbers": [
"AP9630CH",
"AP9630J",
"AP9630",
"AP9631",
"AP9631CH",
"AP9631J",
"AP9635",
"AP963J"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra PX 250 (SYPX) Network Management Card 2 AOS version 7.0.4 and later",
"product_id": "8"
}
}
],
"category": "host_name",
"name": "Network Management Card 2 AOS"
}
],
"category": "product_name",
"name": "Symmetra PX 250 (SYPX)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra PX 500 (SYPX) Network Management Card 2 AOS version 6.9.6 and prior",
"product_id": "9",
"product_identification_helper": {
"model_numbers": [
"AP9630CH",
"AP9630J",
"AP9630",
"AP9631",
"AP9631CH",
"AP9631J",
"AP9635",
"AP963J"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra PX 500 (SYPX) Network Management Card 2 AOS version 7.0.4 and later",
"product_id": "10"
}
}
],
"category": "host_name",
"name": "Network Management Card 2 AOS"
}
],
"category": "product_name",
"name": "Symmetra PX 500 (SYPX)"
}
],
"category": "product_family",
"name": "3-Phase Uninterruptible Power Supply (UPS) using NMC2"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra PX 48 kW UPS (PX2) Network Management Card 2 AOS version 6.9.6 and prior",
"product_id": "11",
"product_identification_helper": {
"model_numbers": [
"AP9630CH",
"AP9630J",
"AP9630",
"AP9631",
"AP9631CH",
"AP9631J",
"AP9635",
"AP963J"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra PX 48 kW UPS (PX2) Network Management Card 2 AOS version 7.0.4 and later",
"product_id": "12"
}
}
],
"category": "host_name",
"name": "Network Management Card 2 AOS"
}
],
"category": "product_name",
"name": "Symmetra PX 48 kW UPS (PX2)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra PX 96 kW UPS (PX2) Network Management Card 2 AOS version 6.9.6 and prior",
"product_id": "13",
"product_identification_helper": {
"model_numbers": [
"AP9630CH",
"AP9630J",
"AP9630",
"AP9631",
"AP9631CH",
"AP9631J",
"AP9635",
"AP963J"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra PX 96 kW UPS (PX2) Network Management Card 2 AOS version 7.0.4 and later",
"product_id": "14"
}
}
],
"category": "host_name",
"name": "Network Management Card 2 AOS"
}
],
"category": "product_name",
"name": "Symmetra PX 96 kW UPS (PX2)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra PX 100 kW UPS (PX2) Network Management Card 2 AOS version 6.9.6 and prior",
"product_id": "15",
"product_identification_helper": {
"model_numbers": [
"AP9630CH",
"AP9630J",
"AP9630",
"AP9631",
"AP9631CH",
"AP9631J",
"AP9635",
"AP963J"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra PX 100 kW UPS (PX2) Network Management Card 2 AOS version 7.0.4 and later",
"product_id": "16"
}
}
],
"category": "host_name",
"name": "Network Management Card 2 AOS"
}
],
"category": "product_name",
"name": "Symmetra PX 100 kW UPS (PX2)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra PX 160 kW UPS (PX2) Network Management Card 2 AOS version 6.9.6 and prior",
"product_id": "17",
"product_identification_helper": {
"model_numbers": [
"AP9630CH",
"AP9630J",
"AP9630",
"AP9631",
"AP9631CH",
"AP9631J",
"AP9635",
"AP963J"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra PX 160 kW UPS (PX2) Network Management Card 2 AOS version 7.0.4 and later",
"product_id": "18"
}
}
],
"category": "host_name",
"name": "Network Management Card 2 AOS"
}
],
"category": "product_name",
"name": "Symmetra PX 160 kW UPS (PX2)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra PX 20 kW UPS (SY3P) Network Management Card 2 AOS version 6.9.6 and prior",
"product_id": "19",
"product_identification_helper": {
"model_numbers": [
"AP9630CH",
"AP9630J",
"AP9630",
"AP9631",
"AP9631CH",
"AP9631J",
"AP9635",
"AP963J"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra PX 20 kW UPS (SY3P) Network Management Card 2 AOS version 7.0.4 and later",
"product_id": "20"
}
}
],
"category": "host_name",
"name": "Network Management Card 2 AOS"
}
],
"category": "product_name",
"name": "Symmetra PX 20 kW UPS (SY3P)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra PX 40 kW UPS (SY3P) Network Management Card 2 AOS version 6.9.6 and prior",
"product_id": "21",
"product_identification_helper": {
"model_numbers": [
"AP9630CH",
"AP9630J",
"AP9630",
"AP9631",
"AP9631CH",
"AP9631J",
"AP9635",
"AP963J"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra PX 40 kW UPS (SY3P) Network Management Card 2 AOS version 7.0.4 and later",
"product_id": "22"
}
}
],
"category": "host_name",
"name": "Network Management Card 2 AOS"
}
],
"category": "product_name",
"name": "Symmetra PX 40 kW UPS (SY3P)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Gutor (SXW, GVX) Network Management Card 2 AOS version 6.9.6 and prior",
"product_id": "23",
"product_identification_helper": {
"model_numbers": [
"AP9630CH",
"AP9630J",
"AP9630",
"AP9631",
"AP9631CH",
"AP9631J",
"AP9635",
"AP963J"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Gutor (SXW, GVX) Network Management Card 2 AOS version 7.0.4 and later",
"product_id": "24"
}
}
],
"category": "host_name",
"name": "Network Management Card 2 AOS"
}
],
"category": "product_name",
"name": "Gutor (SXW, GVX)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Galaxy 3500 (G300, GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU, CHU) Network Management Card 2 AOS version 6.9.6 and prior",
"product_id": "25",
"product_identification_helper": {
"model_numbers": [
"AP9630CH",
"AP9630J",
"AP9630",
"AP9631",
"AP9631CH",
"AP9631J",
"AP9635",
"AP963J"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric 3-Phase Uninterruptible Power Supply (UPS) using NMC2 Galaxy 3500 (G300, GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU, CHU) Network Management Card 2 AOS version 7.0.4 and later",
"product_id": "26"
}
}
],
"category": "host_name",
"name": "Network Management Card 2 AOS"
}
],
"category": "product_name",
"name": "Galaxy 3500 (G300, GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU, CHU)"
}
],
"category": "product_family",
"name": "3-Phase Uninterruptible Power Supply (UPS) using NMC2"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.4.2.1",
"product": {
"name": "Schneider Electric 1-Phase Uninterruptible Power Supply (UPS) using NMC3 Smart-UPS Network Management Card 3 AOS version 1.4.2.1 and prior",
"product_id": "27",
"product_identification_helper": {
"model_numbers": [
"AP9640",
"AP9640J",
"AP9641",
"AP9641J",
"AP9643",
"AP9643J"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=1.5",
"product": {
"name": "Schneider Electric 1-Phase Uninterruptible Power Supply (UPS) using NMC3 Smart-UPS Network Management Card 3 AOS version 1.5 and later",
"product_id": "28"
}
}
],
"category": "host_name",
"name": "Network Management Card 3 AOS"
}
],
"category": "product_name",
"name": "Smart-UPS"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.4.2.1",
"product": {
"name": "Schneider Electric 1-Phase Uninterruptible Power Supply (UPS) using NMC3 Symmetra Network Management Card 3 AOS version 1.4.2.1 and prior",
"product_id": "29",
"product_identification_helper": {
"model_numbers": [
"AP9640",
"AP9640J",
"AP9641",
"AP9641J",
"AP9643",
"AP9643J"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=1.5",
"product": {
"name": "Schneider Electric 1-Phase Uninterruptible Power Supply (UPS) using NMC3 Symmetra Network Management Card 3 AOS version 1.5 and later",
"product_id": "30"
}
}
],
"category": "host_name",
"name": "Network Management Card 3 AOS"
}
],
"category": "product_name",
"name": "Symmetra"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.4.2.1",
"product": {
"name": "Schneider Electric 1-Phase Uninterruptible Power Supply (UPS) using NMC3 Galaxy 3500 Network Management Card 2 AOS Network Management Card 3 AOS version 1.4.2.1 and prior",
"product_id": "31",
"product_identification_helper": {
"model_numbers": [
"AP9640",
"AP9640J",
"AP9641",
"AP9641J",
"AP9643",
"AP9643J"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=1.5",
"product": {
"name": "Schneider Electric 1-Phase Uninterruptible Power Supply (UPS) using NMC3 Galaxy 3500 Network Management Card 2 AOS Network Management Card 3 AOS version 1.5 and later",
"product_id": "32"
}
}
],
"category": "host_name",
"name": "Network Management Card 3 AOS"
}
],
"category": "host_name",
"name": "Network Management Card 2 AOS"
}
],
"category": "product_name",
"name": "Galaxy 3500"
}
],
"category": "product_family",
"name": "1-Phase Uninterruptible Power Supply (UPS) using NMC3"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2 Network Management Card AOS 2 version 6.9.6 and prior",
"product_id": "33",
"product_identification_helper": {
"model_numbers": [
"AP84xx",
"AP86xx",
"AP88xx",
"AP89xx"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.6",
"product": {
"name": "Schneider Electric APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2 Network Management Card AOS 2 version 7.0.6 and later",
"product_id": "34"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "2G Metered/Switched Rack PDUs with embedded NMC2"
}
],
"category": "product_family",
"name": "APC Rack Power Distribution Units (PDU) using NMC2"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.4.0",
"product": {
"name": "Schneider Electric APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3 Network Management Card 3 AOS version 1.4.0 and prior",
"product_id": "35",
"product_identification_helper": {
"model_numbers": [
"APDU99xx"
]
}
}
},
{
"category": "product_version",
"name": "1.5.0",
"product": {
"name": "Schneider Electric APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3 Network Management Card 3 AOS 1.5.0",
"product_id": "36"
}
}
],
"category": "host_name",
"name": "Network Management Card 3 AOS"
}
],
"category": "product_name",
"name": "2G Metered/Switched Rack PDUs with embedded NMC3"
}
],
"category": "product_family",
"name": "APC Rack Power Distribution Units (PDU) using NMC3"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP Network Management Card AOS 2 version 6.9.6 and prior",
"product_id": "37"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP Network Management Card AOS 2 version 7.0.4 and later",
"product_id": "38"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "Galaxy RPP"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric APC 3-Phase Power Distribution Products using NMC2 GRPPIP2X84 Network Management Card AOS 2 version 6.9.6 and prior",
"product_id": "39"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric APC 3-Phase Power Distribution Products using NMC2 GRPPIP2X84 Network Management Card AOS 2 version 7.0.4 and later",
"product_id": "40"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "GRPPIP2X84"
}
],
"category": "product_family",
"name": "APC 3-Phase Power Distribution Products using NMC2"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P) PDPB150G6F Network Management Card AOS 2 version 6.9.6 and prior",
"product_id": "41"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P) PDPB150G6F Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "42"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PDPB150G6F"
}
],
"category": "product_family",
"name": "Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P)"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "43"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "44"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PD40G6FK1-M"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40F6FK1-M Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "45"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40F6FK1-M Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "46"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PD40F6FK1-M"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40L6FK1-M Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "47"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40L6FK1-M Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "48"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PD40L6FK1-M"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PDRPPNX10M Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "49"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PDRPPNX10M Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "50"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PDRPPNX10M"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD60G6FK1 Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "51"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD60G6FK1 Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "52"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PD60G6FK1"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD60F6FK1 Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "53"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD60F6FK1 Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "54"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PD60F6FK1"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PDRPPNX10 Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "55"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PDRPPNX10 Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "56"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PDRPPNX10"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40E5EK20-M Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "57"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40E5EK20-M Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "58"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PD40E5EK20-M"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40H5EK20-M Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "59"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40H5EK20-M Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "60"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PD40H5EK20-M"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD60L6FK1 Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "61"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD60L6FK1 Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "62"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PD60L6FK1"
}
],
"category": "product_family",
"name": "Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU)"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for Modular 150/175kVA PDU (XRDP) PDPM150G6F Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "63"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for Modular 150/175kVA PDU (XRDP) PDPM150G6F Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "64"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PDPM150G6F"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for Modular 150/175kVA PDU (XRDP) PDPM150L6F Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "65"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for Modular 150/175kVA PDU (XRDP) PDPM150L6F Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "66"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PDPM150L6F"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for Modular 150/175kVA PDU (XRDP) PDPM175G6H Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "67"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for Modular 150/175kVA PDU (XRDP) PDPM175G6H Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "68"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PDPM175G6H"
}
],
"category": "product_family",
"name": "Network Management Card 2 for Modular 150/175kVA PDU (XRDP)"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for 400 and 500 kVA (PMM) PMM400-ALA Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "69"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for 400 and 500 kVA (PMM) PMM400-ALA Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "70"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PMM400-ALA"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for 400 and 500 kVA (PMM) PMM400-ALAX Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "71"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for 400 and 500 kVA (PMM) PMM400-ALAX Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "72"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PMM400-ALAX"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for 400 and 500 kVA (PMM) PMM400-CUB Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "73"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for 400 and 500 kVA (PMM) PMM400-CUB Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "74"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PMM400-CUB"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for 400 and 500 kVA (PMM) PMM500-ALA Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "75"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for 400 and 500 kVA (PMM) PMM500-ALA Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "76"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PMM500-ALA"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for 400 and 500 kVA (PMM) PMM500-ALAX Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "77"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for 400 and 500 kVA (PMM) PMM500-ALAX Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "78"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PMM500-ALAX"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for 400 and 500 kVA (PMM) PMM500-CUB Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "79"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for 400 and 500 kVA (PMM) PMM500-CUB Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "80"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PMM500-CUB"
}
],
"category": "product_family",
"name": "Network Management Card 2 for 400 and 500 kVA (PMM)"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for Modular PDU (XRDP2G) PDPM72F-5U Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "81"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for Modular PDU (XRDP2G) PDPM72F-5U Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "82"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PDPM72F-5U"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for Modular PDU (XRDP2G) PDPM138H-5U Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "83"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for Modular PDU (XRDP2G) PDPM138H-5U Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "84"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PDPM138H-5U"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for Modular PDU (XRDP2G) PDPM144F Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "85"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for Modular PDU (XRDP2G) PDPM144F Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "86"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PDPM144F"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for Modular PDU (XRDP2G) PDPM138H-R Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "87"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for Modular PDU (XRDP2G) PDPM138H-R Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "88"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PDPM138H-R"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for Modular PDU (XRDP2G) PDPM277H Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "89"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for Modular PDU (XRDP2G) PDPM277H Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "90"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PDPM277H"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 for Modular PDU (XRDP2G) PDPM288G6H Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "91"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 for Modular PDU (XRDP2G) PDPM288G6H Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "92"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "PDPM288G6H"
}
],
"category": "product_family",
"name": "Network Management Card 2 for Modular PDU (XRDP2G)"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Rack Automatic Transfer Switches (ATS) Embedded NMC2 Rack Automatic Transfer Switches Network Management Card AOS 2 (ATS4G) \u003c=6.9.6",
"product_id": "93",
"product_identification_helper": {
"model_numbers": [
"AP44xx"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Rack Automatic Transfer Switches (ATS) Embedded NMC2 Rack Automatic Transfer Switches Network Management Card AOS 2 (ATS4G) \u003e=7.0.4",
"product_id": "94"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2 (ATS4G)"
}
],
"category": "product_name",
"name": "Rack Automatic Transfer Switches"
}
],
"category": "product_family",
"name": "Rack Automatic Transfer Switches (ATS) Embedded NMC2"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Environmental Monitoring Unit with embedded NMC2 (NB250) NetBotz NBRK0250 Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "95"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Environmental Monitoring Unit with embedded NMC2 (NB250) NetBotz NBRK0250 Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "96"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "NetBotz NBRK0250"
}
],
"category": "product_family",
"name": "Environmental Monitoring Unit with embedded NMC2 (NB250)"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Battery Management Products Network Management Card 2 (NMC2) AP9922 Battery Management System (BM4) Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "97",
"product_identification_helper": {
"model_numbers": [
"BM4"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Battery Management Products Network Management Card 2 (NMC2) AP9922 Battery Management System (BM4) Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "98"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "AP9922 Battery Management System (BM4)"
}
],
"category": "product_family",
"name": "Battery Management Products Network Management Card 2 (NMC2)"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric 1-Phase Uninterruptible Power Supply (UPS) using NMC2 Smart-UPS Network Management Card 2 AOS \u003c=6.9.8",
"product_id": "99",
"product_identification_helper": {
"model_numbers": [
"MDC"
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Battery Management Products EcoStruxure Micro Data Center (MDC) Network Management Card AOS 2 (ATS4G) \u003e=7.0.4",
"product_id": "100"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2 (ATS4G)"
}
],
"category": "product_name",
"name": "EcoStruxure Micro Data Center (MDC)"
}
],
"category": "product_family",
"name": "Battery Management Products"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G) Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "101"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G) Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "102"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products InRow Cooling for series ACRC10x SKUs (RC10X2G) Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "103"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products InRow Cooling for series ACRC10x SKUs (RC10X2G) Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "104"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "InRow Cooling for series ACRC10x SKUs (RC10X2G)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G) Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "105"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G) Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "106"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products InRow Cooling Display for series ACRD3xx (ACRC2G) Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "107"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products InRow Cooling Display for series ACRD3xx (ACRC2G) Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "108"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "InRow Cooling Display for series ACRD3xx (ACRC2G)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products InRow Cooling for series ACSC1xx SKUs (SC2G) Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "109"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products InRow Cooling for series ACSC1xx SKUs (SC2G) Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "110"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "InRow Cooling for series ACSC1xx SKUs (SC2G)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G) Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "111"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G) Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "112"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products Ecoflair IAEC25/50 Air Economizer Display (EB2G) Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "113"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products Ecoflair IAEC25/50 Air Economizer Display (EB2G) Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "114"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "Ecoflair IAEC25/50 Air Economizer Display (EB2G)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products Uniflair SP UCF0481I, UCF0341I (UNFLRSP) Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "115"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products Uniflair SP UCF0481I, UCF0341I (UNFLRSP) Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "116"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "Uniflair SP UCF0481I, UCF0341I (UNFLRSP)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products Uniflair AM Perimeter Cooling for SKUs: SDCC, SDCV, SDAC, ADAV, SDWC, SDWV, SUAC, SUAV, SUWC, and SUWV (AMICO) Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "117"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products Uniflair AM Perimeter Cooling for SKUs: SDCC, SDCV, SDAC, ADAV, SDWC, SDWV, SUAC, SUAV, SUWC, and SUWV (AMICO) Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "118"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "Uniflair AM Perimeter Cooling for SKUs: SDCC, SDCV, SDAC, ADAV, SDWC, SDWV, SUAC, SUAV, SUWC, and SUWV (AMICO)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G) Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "119"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G) Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "120"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products Uniflair LEL Perimeter Cooling for SKUs: LDCV, LUCV (UNFLRLEL) Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "121"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products Uniflair LEL Perimeter Cooling for SKUs: LDCV, LUCV (UNFLRLEL) Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "122"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "Uniflair LEL Perimeter Cooling for SKUs: LDCV, LUCV (UNFLRLEL)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products Uniflair Display for Aquaflair TSA/TRA Chiller (UNFLRTSA) Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "123"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products Uniflair Display for Aquaflair TSA/TRA Chiller (UNFLRTSA) Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "124"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "Uniflair Display for Aquaflair TSA/TRA Chiller (UNFLRTSA)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products Uniflair Display for Trim Chiller (TRMCHLR) Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "125"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products Uniflair Display for Trim Chiller (TRMCHLR) Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "126"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "Uniflair Display for Trim Chiller (TRMCHLR)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products Uniflair BCWC Chiller (AQUACENTR) Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "127"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products Uniflair BCWC Chiller (AQUACENTR) Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "128"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "Uniflair BCWC Chiller (AQUACENTR)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.9.6",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products Refrigerant Distribution Unit: ACDA9xx (RDU) Network Management Card AOS 2 \u003c=6.9.6",
"product_id": "129"
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.4",
"product": {
"name": "Schneider Electric Network Management Card 2 (NMC2) Cooling Products Refrigerant Distribution Unit: ACDA9xx (RDU) Network Management Card AOS 2 \u003e=7.0.4",
"product_id": "130"
}
}
],
"category": "host_name",
"name": "Network Management Card AOS 2"
}
],
"category": "product_name",
"name": "Refrigerant Distribution Unit: ACDA9xx (RDU)"
}
],
"category": "product_family",
"name": "Network Management Card 2 (NMC2) Cooling Products"
}
],
"category": "vendor",
"name": "Schneider Electric"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Chua Wei Kiat",
"Thanh Nguyen"
],
"organization": "Fortinet\u2019s Fortiguard Labs"
}
],
"cve": "CVE-2021-22810",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "description",
"text": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2",
"4",
"6",
"8",
"10",
"12",
"14",
"16",
"18",
"20",
"22",
"24",
"26",
"28",
"30",
"32",
"34",
"36",
"38",
"40",
"42",
"44",
"46",
"48",
"50",
"52",
"54",
"56",
"58",
"60",
"62",
"64",
"66",
"68",
"70",
"72",
"74",
"76",
"78",
"80",
"82",
"84",
"86",
"88",
"90",
"92",
"94",
"96",
"98",
"100",
"102",
"104",
"106",
"108",
"110",
"112",
"114",
"116",
"118",
"120",
"122",
"124",
"126",
"128",
"130"
],
"known_affected": [
"1",
"3",
"5",
"7",
"9",
"11",
"13",
"15",
"17",
"19",
"21",
"23",
"25",
"27",
"29",
"31",
"33",
"39",
"35",
"37",
"41",
"43",
"45",
"47",
"49",
"51",
"53",
"55",
"57",
"59",
"61",
"63",
"65",
"67",
"69",
"71",
"73",
"75",
"77",
"79",
"81",
"83",
"85",
"87",
"89",
"91",
"93",
"95",
"97",
"99",
"101",
"103",
"105",
"107",
"109",
"111",
"113",
"115",
"117",
"119",
"121",
"123",
"125",
"127",
"129"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SUMX and SY applications includes fixes for these vulnerabilities and are available for download. ",
"product_ids": [
"1"
],
"url": "https://www.apc.com/in/en/product/SFSUMX704/ups-network-management-card-v7-0-4-firmware-for-smartups-galaxy-3500-with-ap9630-31-35/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SUMX and SY applications includes fixes for these vulnerabilities and are available for download. ",
"product_ids": [
"3",
"5"
],
"url": "https://download.schneider-electric.com/files?p_File_Name=990-3403Z-EN.pdf\u0026p_Doc_Ref=SPD_ARAJ-9TN74X_EN\u0026p_enDocType=User+guide"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SUMX and SY applications includes fixes for these vulnerabilities and are available for download. ",
"product_ids": [
"1",
"2",
"5"
],
"url": "https://www.apc.com/in/en/product/SFSY704/ups-network-management-card-v7-0-4-firmware-for-symmetra-1phase-with-ap9630-31-35/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SYPX application includes fixes for these vulnerabilities and has been released.\nPlease contact your local support team for SYPX application upgrade.",
"product_ids": [
"7",
"9"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later for the Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (G300, GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU, CHU) includes fixes for these vulnerabilities has been released.\nPlease contact your local support team for application upgrades for these models.",
"product_ids": [
"11",
"13",
"15",
"17",
"19",
"21",
"23",
"25"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V1.5 or later of the NMC3 SU and SY applications include fixes for these vulnerabilities and are available for download",
"product_ids": [
"27",
"31"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SU_1511_EN/"
},
{
"category": "vendor_fix",
"details": "V1.5 or later of the NMC3 SU and SY applications include fixes for these vulnerabilities and are available for download",
"product_ids": [
"29"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SY_1511_EN/"
},
{
"category": "vendor_fix",
"details": "V1.5 or later of the NMC3 SU and SY applications include fixes for these vulnerabilities and are available for download",
"product_ids": [
"27",
"29",
"31"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-SURELNOTE_EN\u0026p_enDocType=User+guide\u0026p_File_Name=990-6322E-EN.pdf"
},
{
"category": "vendor_fix",
"details": "V7.0.6 or later of the NMC2 RPDU2G application includes fixes for these vulnerabilities and is available for download",
"product_ids": [
"33"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Firmware\u0026p_Doc_Ref=APC_RPDU2G_706_EN\u0026p_File_Name=apc_hw05_aos704_rpdu2g706_bootmon109.exe"
},
{
"category": "vendor_fix",
"details": "V7.0.6 or later of the NMC2 RPDU2G application includes fixes for these vulnerabilities and is available for download",
"product_ids": [
"33"
],
"url": "https://sk.se.com/doc_info.aspx?DocRef=990-9958L_EN\u0026isdvd=False\u0026df=3\u0026gid=891285"
},
{
"category": "vendor_fix",
"details": "NMC3 RPDU application V1.2.0.2 with NMC3 AOS v1.5.0 includes fixes for these vulnerabilities and are available for download",
"product_ids": [
"35"
],
"url": "https://ckm-content.se.com/ckmContent/sfc/servlet.shepherd/document/download/0698V00000KscmiQAB"
},
{
"category": "vendor_fix",
"details": "NMC3 RPDU application V1.2.0.2 with NMC3 AOS v1.5.0 includes fixes for these vulnerabilities and are available for download",
"product_ids": [
"35"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=990-6391_EN\u0026p_enDocType=User+guide\u0026p_File_Name=990-6391B.pdf"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 RPP application includes fixes for these vulnerabilities and is available for download",
"product_ids": [
"37",
"39"
],
"url": "https://www.se.com/uk/en/download/document/APC_RPP_704_EN/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 for X84P, XPDU, XRDP, PMM, and XRDP2G applications includes fixes for these vulnerabilities.\nPlease contact your local support team for application upgrade.",
"product_ids": [
"41",
"43",
"45",
"47",
"49",
"51",
"53",
"55",
"56",
"57",
"59",
"61",
"63",
"65",
"67",
"69",
"71",
"73",
"75",
"77",
"79",
"81",
"83",
"85",
"87",
"89",
"91"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 ATS4G application include fixes for these vulnerabilities and are available for download",
"product_ids": [
"93"
],
"url": "https://www.se.com/ww/en/download/document/APC_ATS4G_704_EN/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 of these cooling applications include fixes for these vulnerabilities and have been released.\nPlease contact your local support team for upgrades.",
"product_ids": [
"101",
"103",
"105",
"107",
"109",
"111",
"113",
"115",
"117",
"119",
"121",
"123",
"125",
"127",
"129"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 NB250 application includes fixes for these vulnerabilities and has been released",
"product_ids": [
"95"
],
"url": "https://www.se.com/ww/en/download/document/APC_NB250_706_EN/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 BM4 application includes fixes for these vulnerabilities and has been released.\nPlease contact your local support team for BM4 application upgrade.",
"product_ids": [
"97"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 MDC application includes fixes for these vulnerabilities and has been released.\nPlease contact your local support team for MDC application upgrade.",
"product_ids": [
"100"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"1",
"3",
"5",
"7",
"9",
"11",
"13",
"15",
"17",
"19",
"21",
"23",
"25",
"27",
"29",
"31",
"33",
"39",
"35",
"37",
"41",
"43",
"45",
"47",
"49",
"51",
"53",
"55",
"57",
"59",
"61",
"63",
"65",
"67",
"69",
"71",
"73",
"75",
"77",
"79",
"81",
"83",
"85",
"87",
"89",
"91",
"93",
"95",
"97",
"99",
"101",
"103",
"105",
"107",
"109",
"111",
"113",
"115",
"117",
"119",
"121",
"123",
"125",
"127",
"129"
]
}
],
"title": "CVE-2021-22810"
},
{
"acknowledgments": [
{
"names": [
"Chua Wei Kiat",
"Thanh Nguyen"
],
"organization": "Fortinet\u2019s Fortiguard Labs"
}
],
"cve": "CVE-2021-22811",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "description",
"text": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2",
"4",
"6",
"8",
"10",
"12",
"14",
"16",
"18",
"20",
"22",
"24",
"26",
"28",
"30",
"32",
"34",
"36",
"38",
"40",
"42",
"44",
"46",
"48",
"50",
"52",
"54",
"56",
"58",
"60",
"62",
"64",
"66",
"68",
"70",
"72",
"74",
"76",
"78",
"80",
"82",
"84",
"86",
"88",
"90",
"92",
"94",
"96",
"98",
"100",
"102",
"104",
"106",
"108",
"110",
"112",
"114",
"116",
"118",
"120",
"122",
"124",
"126",
"128",
"130"
],
"known_affected": [
"1",
"3",
"5",
"7",
"9",
"11",
"13",
"15",
"17",
"19",
"21",
"23",
"25",
"27",
"29",
"31",
"33",
"39",
"35",
"37",
"41",
"43",
"45",
"47",
"49",
"51",
"53",
"55",
"57",
"59",
"61",
"63",
"65",
"67",
"69",
"71",
"73",
"75",
"77",
"79",
"81",
"83",
"85",
"87",
"89",
"91",
"93",
"95",
"97",
"99",
"101",
"103",
"105",
"107",
"109",
"111",
"113",
"115",
"117",
"119",
"121",
"123",
"125",
"127",
"129"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SUMX and SY applications includes fixes for these vulnerabilities and are available for download. ",
"product_ids": [
"1"
],
"url": "https://www.apc.com/in/en/product/SFSUMX704/ups-network-management-card-v7-0-4-firmware-for-smartups-galaxy-3500-with-ap9630-31-35/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SUMX and SY applications includes fixes for these vulnerabilities and are available for download. ",
"product_ids": [
"3",
"5"
],
"url": "https://download.schneider-electric.com/files?p_File_Name=990-3403Z-EN.pdf\u0026p_Doc_Ref=SPD_ARAJ-9TN74X_EN\u0026p_enDocType=User+guide"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SUMX and SY applications includes fixes for these vulnerabilities and are available for download. ",
"product_ids": [
"1",
"2",
"5"
],
"url": "https://www.apc.com/in/en/product/SFSY704/ups-network-management-card-v7-0-4-firmware-for-symmetra-1phase-with-ap9630-31-35/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SYPX application includes fixes for these vulnerabilities and has been released.\nPlease contact your local support team for SYPX application upgrade.",
"product_ids": [
"7",
"9"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later for the Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (G300, GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU, CHU) includes fixes for these vulnerabilities has been released.\nPlease contact your local support team for application upgrades for these models.",
"product_ids": [
"11",
"13",
"15",
"17",
"19",
"21",
"23",
"25"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V1.5 or later of the NMC3 SU and SY applications include fixes for these vulnerabilities and are available for download",
"product_ids": [
"27",
"31"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SU_1511_EN/"
},
{
"category": "vendor_fix",
"details": "V1.5 or later of the NMC3 SU and SY applications include fixes for these vulnerabilities and are available for download",
"product_ids": [
"29"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SY_1511_EN/"
},
{
"category": "vendor_fix",
"details": "V1.5 or later of the NMC3 SU and SY applications include fixes for these vulnerabilities and are available for download",
"product_ids": [
"27",
"29",
"31"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-SURELNOTE_EN\u0026p_enDocType=User+guide\u0026p_File_Name=990-6322E-EN.pdf"
},
{
"category": "vendor_fix",
"details": "V7.0.6 or later of the NMC2 RPDU2G application includes fixes for these vulnerabilities and is available for download",
"product_ids": [
"33"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Firmware\u0026p_Doc_Ref=APC_RPDU2G_706_EN\u0026p_File_Name=apc_hw05_aos704_rpdu2g706_bootmon109.exe"
},
{
"category": "vendor_fix",
"details": "V7.0.6 or later of the NMC2 RPDU2G application includes fixes for these vulnerabilities and is available for download",
"product_ids": [
"33"
],
"url": "https://sk.se.com/doc_info.aspx?DocRef=990-9958L_EN\u0026isdvd=False\u0026df=3\u0026gid=891285"
},
{
"category": "vendor_fix",
"details": "NMC3 RPDU application V1.2.0.2 with NMC3 AOS v1.5.0 includes fixes for these vulnerabilities and are available for download",
"product_ids": [
"35"
],
"url": "https://ckm-content.se.com/ckmContent/sfc/servlet.shepherd/document/download/0698V00000KscmiQAB"
},
{
"category": "vendor_fix",
"details": "NMC3 RPDU application V1.2.0.2 with NMC3 AOS v1.5.0 includes fixes for these vulnerabilities and are available for download",
"product_ids": [
"35"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=990-6391_EN\u0026p_enDocType=User+guide\u0026p_File_Name=990-6391B.pdf"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 RPP application includes fixes for these vulnerabilities and is available for download",
"product_ids": [
"37",
"39"
],
"url": "https://www.se.com/uk/en/download/document/APC_RPP_704_EN/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 for X84P, XPDU, XRDP, PMM, and XRDP2G applications includes fixes for these vulnerabilities.\nPlease contact your local support team for application upgrade.",
"product_ids": [
"41",
"43",
"45",
"47",
"49",
"51",
"53",
"55",
"56",
"57",
"59",
"61",
"63",
"65",
"67",
"69",
"71",
"73",
"75",
"77",
"79",
"81",
"83",
"85",
"87",
"89",
"91"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 ATS4G application include fixes for these vulnerabilities and are available for download",
"product_ids": [
"93"
],
"url": "https://www.se.com/ww/en/download/document/APC_ATS4G_704_EN/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 of these cooling applications include fixes for these vulnerabilities and have been released.\nPlease contact your local support team for upgrades.",
"product_ids": [
"101",
"103",
"105",
"107",
"109",
"111",
"113",
"115",
"117",
"119",
"121",
"123",
"125",
"127",
"129"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 NB250 application includes fixes for these vulnerabilities and has been released",
"product_ids": [
"95"
],
"url": "https://www.se.com/ww/en/download/document/APC_NB250_706_EN/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 BM4 application includes fixes for these vulnerabilities and has been released.\nPlease contact your local support team for BM4 application upgrade.",
"product_ids": [
"97"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 MDC application includes fixes for these vulnerabilities and has been released.\nPlease contact your local support team for MDC application upgrade.",
"product_ids": [
"100"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"1",
"3",
"5",
"7",
"9",
"11",
"13",
"15",
"17",
"19",
"21",
"23",
"25",
"27",
"29",
"31",
"33",
"39",
"35",
"37",
"41",
"43",
"45",
"47",
"49",
"51",
"53",
"55",
"57",
"59",
"61",
"63",
"65",
"67",
"69",
"71",
"73",
"75",
"77",
"79",
"81",
"83",
"85",
"87",
"89",
"91",
"93",
"95",
"97",
"99",
"101",
"103",
"105",
"107",
"109",
"111",
"113",
"115",
"117",
"119",
"121",
"123",
"125",
"127",
"129"
]
}
],
"title": "CVE-2021-22811"
},
{
"acknowledgments": [
{
"names": [
"Chua Wei Kiat",
"Thanh Nguyen"
],
"organization": "Fortinet\u2019s Fortiguard Labs"
}
],
"cve": "CVE-2021-22812",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "description",
"text": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2",
"4",
"6",
"8",
"10",
"12",
"14",
"16",
"18",
"20",
"22",
"24",
"26",
"28",
"30",
"32",
"34",
"36",
"38",
"40",
"42",
"44",
"46",
"48",
"50",
"52",
"54",
"56",
"58",
"60",
"62",
"64",
"66",
"68",
"70",
"72",
"74",
"76",
"78",
"80",
"82",
"84",
"86",
"88",
"90",
"92",
"94",
"96",
"98",
"100",
"102",
"104",
"106",
"108",
"110",
"112",
"114",
"116",
"118",
"120",
"122",
"124",
"126",
"128",
"130"
],
"known_affected": [
"1",
"3",
"5",
"7",
"9",
"11",
"13",
"15",
"17",
"19",
"21",
"23",
"25",
"27",
"29",
"31",
"33",
"39",
"35",
"37",
"41",
"43",
"45",
"47",
"49",
"51",
"53",
"55",
"57",
"59",
"61",
"63",
"65",
"67",
"69",
"71",
"73",
"75",
"77",
"79",
"81",
"83",
"85",
"87",
"89",
"91",
"93",
"95",
"97",
"99",
"101",
"103",
"105",
"107",
"109",
"111",
"113",
"115",
"117",
"119",
"121",
"123",
"125",
"127",
"129"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SUMX and SY applications includes fixes for these vulnerabilities and are available for download. ",
"product_ids": [
"1"
],
"url": "https://www.apc.com/in/en/product/SFSUMX704/ups-network-management-card-v7-0-4-firmware-for-smartups-galaxy-3500-with-ap9630-31-35/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SUMX and SY applications includes fixes for these vulnerabilities and are available for download. ",
"product_ids": [
"3",
"5"
],
"url": "https://download.schneider-electric.com/files?p_File_Name=990-3403Z-EN.pdf\u0026p_Doc_Ref=SPD_ARAJ-9TN74X_EN\u0026p_enDocType=User+guide"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SUMX and SY applications includes fixes for these vulnerabilities and are available for download. ",
"product_ids": [
"1",
"2",
"5"
],
"url": "https://www.apc.com/in/en/product/SFSY704/ups-network-management-card-v7-0-4-firmware-for-symmetra-1phase-with-ap9630-31-35/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SYPX application includes fixes for these vulnerabilities and has been released.\nPlease contact your local support team for SYPX application upgrade.",
"product_ids": [
"7",
"9"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later for the Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (G300, GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU, CHU) includes fixes for these vulnerabilities has been released.\nPlease contact your local support team for application upgrades for these models.",
"product_ids": [
"11",
"13",
"15",
"17",
"19",
"21",
"23",
"25"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V1.5 or later of the NMC3 SU and SY applications include fixes for these vulnerabilities and are available for download",
"product_ids": [
"27",
"31"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SU_1511_EN/"
},
{
"category": "vendor_fix",
"details": "V1.5 or later of the NMC3 SU and SY applications include fixes for these vulnerabilities and are available for download",
"product_ids": [
"29"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SY_1511_EN/"
},
{
"category": "vendor_fix",
"details": "V1.5 or later of the NMC3 SU and SY applications include fixes for these vulnerabilities and are available for download",
"product_ids": [
"27",
"29",
"31"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-SURELNOTE_EN\u0026p_enDocType=User+guide\u0026p_File_Name=990-6322E-EN.pdf"
},
{
"category": "vendor_fix",
"details": "V7.0.6 or later of the NMC2 RPDU2G application includes fixes for these vulnerabilities and is available for download",
"product_ids": [
"33"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Firmware\u0026p_Doc_Ref=APC_RPDU2G_706_EN\u0026p_File_Name=apc_hw05_aos704_rpdu2g706_bootmon109.exe"
},
{
"category": "vendor_fix",
"details": "V7.0.6 or later of the NMC2 RPDU2G application includes fixes for these vulnerabilities and is available for download",
"product_ids": [
"33"
],
"url": "https://sk.se.com/doc_info.aspx?DocRef=990-9958L_EN\u0026isdvd=False\u0026df=3\u0026gid=891285"
},
{
"category": "vendor_fix",
"details": "NMC3 RPDU application V1.2.0.2 with NMC3 AOS v1.5.0 includes fixes for these vulnerabilities and are available for download",
"product_ids": [
"35"
],
"url": "https://ckm-content.se.com/ckmContent/sfc/servlet.shepherd/document/download/0698V00000KscmiQAB"
},
{
"category": "vendor_fix",
"details": "NMC3 RPDU application V1.2.0.2 with NMC3 AOS v1.5.0 includes fixes for these vulnerabilities and are available for download",
"product_ids": [
"35"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=990-6391_EN\u0026p_enDocType=User+guide\u0026p_File_Name=990-6391B.pdf"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 RPP application includes fixes for these vulnerabilities and is available for download",
"product_ids": [
"37",
"39"
],
"url": "https://www.se.com/uk/en/download/document/APC_RPP_704_EN/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 for X84P, XPDU, XRDP, PMM, and XRDP2G applications includes fixes for these vulnerabilities.\nPlease contact your local support team for application upgrade.",
"product_ids": [
"41",
"43",
"45",
"47",
"49",
"51",
"53",
"55",
"56",
"57",
"59",
"61",
"63",
"65",
"67",
"69",
"71",
"73",
"75",
"77",
"79",
"81",
"83",
"85",
"87",
"89",
"91"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 ATS4G application include fixes for these vulnerabilities and are available for download",
"product_ids": [
"93"
],
"url": "https://www.se.com/ww/en/download/document/APC_ATS4G_704_EN/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 of these cooling applications include fixes for these vulnerabilities and have been released.\nPlease contact your local support team for upgrades.",
"product_ids": [
"101",
"103",
"105",
"107",
"109",
"111",
"113",
"115",
"117",
"119",
"121",
"123",
"125",
"127",
"129"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 NB250 application includes fixes for these vulnerabilities and has been released",
"product_ids": [
"95"
],
"url": "https://www.se.com/ww/en/download/document/APC_NB250_706_EN/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 BM4 application includes fixes for these vulnerabilities and has been released.\nPlease contact your local support team for BM4 application upgrade.",
"product_ids": [
"97"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 MDC application includes fixes for these vulnerabilities and has been released.\nPlease contact your local support team for MDC application upgrade.",
"product_ids": [
"100"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"1",
"3",
"5",
"7",
"9",
"11",
"13",
"15",
"17",
"19",
"21",
"23",
"25",
"27",
"29",
"31",
"33",
"39",
"35",
"37",
"41",
"43",
"45",
"47",
"49",
"51",
"53",
"55",
"57",
"59",
"61",
"63",
"65",
"67",
"69",
"71",
"73",
"75",
"77",
"79",
"81",
"83",
"85",
"87",
"89",
"91",
"93",
"95",
"97",
"99",
"101",
"103",
"105",
"107",
"109",
"111",
"113",
"115",
"117",
"119",
"121",
"123",
"125",
"127",
"129"
]
}
],
"title": "CVE-2021-22812"
},
{
"acknowledgments": [
{
"names": [
"Chua Wei Kiat",
"Thanh Nguyen"
],
"organization": "Fortinet\u2019s Fortiguard Labs"
}
],
"cve": "CVE-2021-22813",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "description",
"text": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2",
"4",
"6",
"8",
"10",
"12",
"14",
"16",
"18",
"20",
"22",
"24",
"26",
"28",
"30",
"32",
"34",
"36",
"38",
"40",
"42",
"44",
"46",
"48",
"50",
"52",
"54",
"56",
"58",
"60",
"62",
"64",
"66",
"68",
"70",
"72",
"74",
"76",
"78",
"80",
"82",
"84",
"86",
"88",
"90",
"92",
"94",
"96",
"98",
"100",
"102",
"104",
"106",
"108",
"110",
"112",
"114",
"116",
"118",
"120",
"122",
"124",
"126",
"128",
"130"
],
"known_affected": [
"1",
"3",
"5",
"7",
"9",
"11",
"13",
"15",
"17",
"19",
"21",
"23",
"25",
"27",
"29",
"31",
"33",
"39",
"35",
"37",
"41",
"43",
"45",
"47",
"49",
"51",
"53",
"55",
"57",
"59",
"61",
"63",
"65",
"67",
"69",
"71",
"73",
"75",
"77",
"79",
"81",
"83",
"85",
"87",
"89",
"91",
"93",
"95",
"97",
"99",
"101",
"103",
"105",
"107",
"109",
"111",
"113",
"115",
"117",
"119",
"121",
"123",
"125",
"127",
"129"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SUMX and SY applications includes fixes for these vulnerabilities and are available for download. ",
"product_ids": [
"1"
],
"url": "https://www.apc.com/in/en/product/SFSUMX704/ups-network-management-card-v7-0-4-firmware-for-smartups-galaxy-3500-with-ap9630-31-35/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SUMX and SY applications includes fixes for these vulnerabilities and are available for download. ",
"product_ids": [
"3",
"5"
],
"url": "https://download.schneider-electric.com/files?p_File_Name=990-3403Z-EN.pdf\u0026p_Doc_Ref=SPD_ARAJ-9TN74X_EN\u0026p_enDocType=User+guide"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SUMX and SY applications includes fixes for these vulnerabilities and are available for download. ",
"product_ids": [
"1",
"2",
"5"
],
"url": "https://www.apc.com/in/en/product/SFSY704/ups-network-management-card-v7-0-4-firmware-for-symmetra-1phase-with-ap9630-31-35/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SYPX application includes fixes for these vulnerabilities and has been released.\nPlease contact your local support team for SYPX application upgrade.",
"product_ids": [
"7",
"9"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later for the Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (G300, GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU, CHU) includes fixes for these vulnerabilities has been released.\nPlease contact your local support team for application upgrades for these models.",
"product_ids": [
"11",
"13",
"15",
"17",
"19",
"21",
"23",
"25"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V1.5 or later of the NMC3 SU and SY applications include fixes for these vulnerabilities and are available for download",
"product_ids": [
"27",
"31"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SU_1511_EN/"
},
{
"category": "vendor_fix",
"details": "V1.5 or later of the NMC3 SU and SY applications include fixes for these vulnerabilities and are available for download",
"product_ids": [
"29"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SY_1511_EN/"
},
{
"category": "vendor_fix",
"details": "V1.5 or later of the NMC3 SU and SY applications include fixes for these vulnerabilities and are available for download",
"product_ids": [
"27",
"29",
"31"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-SURELNOTE_EN\u0026p_enDocType=User+guide\u0026p_File_Name=990-6322E-EN.pdf"
},
{
"category": "vendor_fix",
"details": "V7.0.6 or later of the NMC2 RPDU2G application includes fixes for these vulnerabilities and is available for download",
"product_ids": [
"33"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Firmware\u0026p_Doc_Ref=APC_RPDU2G_706_EN\u0026p_File_Name=apc_hw05_aos704_rpdu2g706_bootmon109.exe"
},
{
"category": "vendor_fix",
"details": "V7.0.6 or later of the NMC2 RPDU2G application includes fixes for these vulnerabilities and is available for download",
"product_ids": [
"33"
],
"url": "https://sk.se.com/doc_info.aspx?DocRef=990-9958L_EN\u0026isdvd=False\u0026df=3\u0026gid=891285"
},
{
"category": "vendor_fix",
"details": "NMC3 RPDU application V1.2.0.2 with NMC3 AOS v1.5.0 includes fixes for these vulnerabilities and are available for download",
"product_ids": [
"35"
],
"url": "https://ckm-content.se.com/ckmContent/sfc/servlet.shepherd/document/download/0698V00000KscmiQAB"
},
{
"category": "vendor_fix",
"details": "NMC3 RPDU application V1.2.0.2 with NMC3 AOS v1.5.0 includes fixes for these vulnerabilities and are available for download",
"product_ids": [
"35"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=990-6391_EN\u0026p_enDocType=User+guide\u0026p_File_Name=990-6391B.pdf"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 RPP application includes fixes for these vulnerabilities and is available for download",
"product_ids": [
"37",
"39"
],
"url": "https://www.se.com/uk/en/download/document/APC_RPP_704_EN/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 for X84P, XPDU, XRDP, PMM, and XRDP2G applications includes fixes for these vulnerabilities.\nPlease contact your local support team for application upgrade.",
"product_ids": [
"41",
"43",
"45",
"47",
"49",
"51",
"53",
"55",
"56",
"57",
"59",
"61",
"63",
"65",
"67",
"69",
"71",
"73",
"75",
"77",
"79",
"81",
"83",
"85",
"87",
"89",
"91"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 ATS4G application include fixes for these vulnerabilities and are available for download",
"product_ids": [
"93"
],
"url": "https://www.se.com/ww/en/download/document/APC_ATS4G_704_EN/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 of these cooling applications include fixes for these vulnerabilities and have been released.\nPlease contact your local support team for upgrades.",
"product_ids": [
"101",
"103",
"105",
"107",
"109",
"111",
"113",
"115",
"117",
"119",
"121",
"123",
"125",
"127",
"129"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 NB250 application includes fixes for these vulnerabilities and has been released",
"product_ids": [
"95"
],
"url": "https://www.se.com/ww/en/download/document/APC_NB250_706_EN/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 BM4 application includes fixes for these vulnerabilities and has been released.\nPlease contact your local support team for BM4 application upgrade.",
"product_ids": [
"97"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 MDC application includes fixes for these vulnerabilities and has been released.\nPlease contact your local support team for MDC application upgrade.",
"product_ids": [
"100"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"1",
"3",
"5",
"7",
"9",
"11",
"13",
"15",
"17",
"19",
"21",
"23",
"25",
"27",
"29",
"31",
"33",
"39",
"35",
"37",
"41",
"43",
"45",
"47",
"49",
"51",
"53",
"55",
"57",
"59",
"61",
"63",
"65",
"67",
"69",
"71",
"73",
"75",
"77",
"79",
"81",
"83",
"85",
"87",
"89",
"91",
"93",
"95",
"97",
"99",
"101",
"103",
"105",
"107",
"109",
"111",
"113",
"115",
"117",
"119",
"121",
"123",
"125",
"127",
"129"
]
}
],
"title": "CVE-2021-22813"
},
{
"acknowledgments": [
{
"names": [
"Andrea Palanca"
],
"organization": "Nozomi Networks"
}
],
"cve": "CVE-2021-22814",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "description",
"text": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2",
"4",
"6",
"8",
"10",
"12",
"14",
"16",
"18",
"20",
"22",
"24",
"26",
"28",
"30",
"32",
"34",
"36",
"38",
"40",
"42",
"44",
"46",
"48",
"50",
"52",
"54",
"56",
"58",
"60",
"62",
"64",
"66",
"68",
"70",
"72",
"74",
"76",
"78",
"80",
"82",
"84",
"86",
"88",
"90",
"92",
"94",
"96",
"98",
"100",
"102",
"104",
"106",
"108",
"110",
"112",
"114",
"116",
"118",
"120",
"122",
"124",
"126",
"128",
"130"
],
"known_affected": [
"1",
"3",
"5",
"7",
"9",
"11",
"13",
"15",
"17",
"19",
"21",
"23",
"25",
"27",
"29",
"31",
"33",
"39",
"35",
"37",
"41",
"43",
"45",
"47",
"49",
"51",
"53",
"55",
"57",
"59",
"61",
"63",
"65",
"67",
"69",
"71",
"73",
"75",
"77",
"79",
"81",
"83",
"85",
"87",
"89",
"91",
"93",
"95",
"97",
"99",
"101",
"103",
"105",
"107",
"109",
"111",
"113",
"115",
"117",
"119",
"121",
"123",
"125",
"127",
"129"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SUMX and SY applications includes fixes for these vulnerabilities and are available for download. ",
"product_ids": [
"1"
],
"url": "https://www.apc.com/in/en/product/SFSUMX704/ups-network-management-card-v7-0-4-firmware-for-smartups-galaxy-3500-with-ap9630-31-35/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SUMX and SY applications includes fixes for these vulnerabilities and are available for download. ",
"product_ids": [
"3",
"5"
],
"url": "https://download.schneider-electric.com/files?p_File_Name=990-3403Z-EN.pdf\u0026p_Doc_Ref=SPD_ARAJ-9TN74X_EN\u0026p_enDocType=User+guide"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SUMX and SY applications includes fixes for these vulnerabilities and are available for download. ",
"product_ids": [
"1",
"2",
"5"
],
"url": "https://www.apc.com/in/en/product/SFSY704/ups-network-management-card-v7-0-4-firmware-for-symmetra-1phase-with-ap9630-31-35/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SYPX application includes fixes for these vulnerabilities and has been released.\nPlease contact your local support team for SYPX application upgrade.",
"product_ids": [
"7",
"9"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later for the Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (G300, GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU, CHU) includes fixes for these vulnerabilities has been released.\nPlease contact your local support team for application upgrades for these models.",
"product_ids": [
"11",
"13",
"15",
"17",
"19",
"21",
"23",
"25"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V1.5 or later of the NMC3 SU and SY applications include fixes for these vulnerabilities and are available for download",
"product_ids": [
"27",
"31"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SU_1511_EN/"
},
{
"category": "vendor_fix",
"details": "V1.5 or later of the NMC3 SU and SY applications include fixes for these vulnerabilities and are available for download",
"product_ids": [
"29"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SY_1511_EN/"
},
{
"category": "vendor_fix",
"details": "V1.5 or later of the NMC3 SU and SY applications include fixes for these vulnerabilities and are available for download",
"product_ids": [
"27",
"29",
"31"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-SURELNOTE_EN\u0026p_enDocType=User+guide\u0026p_File_Name=990-6322E-EN.pdf"
},
{
"category": "vendor_fix",
"details": "V7.0.6 or later of the NMC2 RPDU2G application includes fixes for these vulnerabilities and is available for download",
"product_ids": [
"33"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Firmware\u0026p_Doc_Ref=APC_RPDU2G_706_EN\u0026p_File_Name=apc_hw05_aos704_rpdu2g706_bootmon109.exe"
},
{
"category": "vendor_fix",
"details": "V7.0.6 or later of the NMC2 RPDU2G application includes fixes for these vulnerabilities and is available for download",
"product_ids": [
"33"
],
"url": "https://sk.se.com/doc_info.aspx?DocRef=990-9958L_EN\u0026isdvd=False\u0026df=3\u0026gid=891285"
},
{
"category": "vendor_fix",
"details": "NMC3 RPDU application V1.2.0.2 with NMC3 AOS v1.5.0 includes fixes for these vulnerabilities and are available for download",
"product_ids": [
"35"
],
"url": "https://ckm-content.se.com/ckmContent/sfc/servlet.shepherd/document/download/0698V00000KscmiQAB"
},
{
"category": "vendor_fix",
"details": "NMC3 RPDU application V1.2.0.2 with NMC3 AOS v1.5.0 includes fixes for these vulnerabilities and are available for download",
"product_ids": [
"35"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=990-6391_EN\u0026p_enDocType=User+guide\u0026p_File_Name=990-6391B.pdf"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 RPP application includes fixes for these vulnerabilities and is available for download",
"product_ids": [
"37",
"39"
],
"url": "https://www.se.com/uk/en/download/document/APC_RPP_704_EN/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 for X84P, XPDU, XRDP, PMM, and XRDP2G applications includes fixes for these vulnerabilities.\nPlease contact your local support team for application upgrade.",
"product_ids": [
"41",
"43",
"45",
"47",
"49",
"51",
"53",
"55",
"56",
"57",
"59",
"61",
"63",
"65",
"67",
"69",
"71",
"73",
"75",
"77",
"79",
"81",
"83",
"85",
"87",
"89",
"91"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 ATS4G application include fixes for these vulnerabilities and are available for download",
"product_ids": [
"93"
],
"url": "https://www.se.com/ww/en/download/document/APC_ATS4G_704_EN/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 of these cooling applications include fixes for these vulnerabilities and have been released.\nPlease contact your local support team for upgrades.",
"product_ids": [
"101",
"103",
"105",
"107",
"109",
"111",
"113",
"115",
"117",
"119",
"121",
"123",
"125",
"127",
"129"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 NB250 application includes fixes for these vulnerabilities and has been released",
"product_ids": [
"95"
],
"url": "https://www.se.com/ww/en/download/document/APC_NB250_706_EN/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 BM4 application includes fixes for these vulnerabilities and has been released.\nPlease contact your local support team for BM4 application upgrade.",
"product_ids": [
"97"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 MDC application includes fixes for these vulnerabilities and has been released.\nPlease contact your local support team for MDC application upgrade.",
"product_ids": [
"100"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"1",
"3",
"5",
"7",
"9",
"11",
"13",
"15",
"17",
"19",
"21",
"23",
"25",
"27",
"29",
"31",
"33",
"39",
"35",
"37",
"41",
"43",
"45",
"47",
"49",
"51",
"53",
"55",
"57",
"59",
"61",
"63",
"65",
"67",
"69",
"71",
"73",
"75",
"77",
"79",
"81",
"83",
"85",
"87",
"89",
"91",
"93",
"95",
"97",
"99",
"101",
"103",
"105",
"107",
"109",
"111",
"113",
"115",
"117",
"119",
"121",
"123",
"125",
"127",
"129"
]
}
],
"title": "CVE-2021-22814"
},
{
"acknowledgments": [
{
"names": [
"Chua Wei Kiat",
"Thanh Nguyen"
],
"organization": "Fortinet\u2019s Fortiguard Labs"
}
],
"cve": "CVE-2021-22815",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "description",
"text": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"2",
"4",
"6",
"8",
"10",
"12",
"14",
"16",
"18",
"20",
"22",
"24",
"26",
"28",
"30",
"32",
"34",
"36",
"38",
"40",
"42",
"44",
"46",
"48",
"50",
"52",
"54",
"56",
"58",
"60",
"62",
"64",
"66",
"68",
"70",
"72",
"74",
"76",
"78",
"80",
"82",
"84",
"86",
"88",
"90",
"92",
"94",
"96",
"98",
"100",
"102",
"104",
"106",
"108",
"110",
"112",
"114",
"116",
"118",
"120",
"122",
"124",
"126",
"128",
"130"
],
"known_affected": [
"1",
"3",
"5",
"7",
"9",
"11",
"13",
"15",
"17",
"19",
"21",
"23",
"25",
"27",
"29",
"31",
"33",
"39",
"35",
"37",
"41",
"43",
"45",
"47",
"49",
"51",
"53",
"55",
"57",
"59",
"61",
"63",
"65",
"67",
"69",
"71",
"73",
"75",
"77",
"79",
"81",
"83",
"85",
"87",
"89",
"91",
"93",
"95",
"97",
"99",
"101",
"103",
"105",
"107",
"109",
"111",
"113",
"115",
"117",
"119",
"121",
"123",
"125",
"127",
"129"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SUMX and SY applications includes fixes for these vulnerabilities and are available for download. ",
"product_ids": [
"1"
],
"url": "https://www.apc.com/in/en/product/SFSUMX704/ups-network-management-card-v7-0-4-firmware-for-smartups-galaxy-3500-with-ap9630-31-35/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SUMX and SY applications includes fixes for these vulnerabilities and are available for download. ",
"product_ids": [
"3",
"5"
],
"url": "https://download.schneider-electric.com/files?p_File_Name=990-3403Z-EN.pdf\u0026p_Doc_Ref=SPD_ARAJ-9TN74X_EN\u0026p_enDocType=User+guide"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SUMX and SY applications includes fixes for these vulnerabilities and are available for download. ",
"product_ids": [
"1",
"2",
"5"
],
"url": "https://www.apc.com/in/en/product/SFSY704/ups-network-management-card-v7-0-4-firmware-for-symmetra-1phase-with-ap9630-31-35/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 SYPX application includes fixes for these vulnerabilities and has been released.\nPlease contact your local support team for SYPX application upgrade.",
"product_ids": [
"7",
"9"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later for the Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (G300, GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU, CHU) includes fixes for these vulnerabilities has been released.\nPlease contact your local support team for application upgrades for these models.",
"product_ids": [
"11",
"13",
"15",
"17",
"19",
"21",
"23",
"25"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V1.5 or later of the NMC3 SU and SY applications include fixes for these vulnerabilities and are available for download",
"product_ids": [
"27",
"31"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SU_1511_EN/"
},
{
"category": "vendor_fix",
"details": "V1.5 or later of the NMC3 SU and SY applications include fixes for these vulnerabilities and are available for download",
"product_ids": [
"29"
],
"url": "https://www.se.com/ww/en/download/document/APC_NMC3_SY_1511_EN/"
},
{
"category": "vendor_fix",
"details": "V1.5 or later of the NMC3 SU and SY applications include fixes for these vulnerabilities and are available for download",
"product_ids": [
"27",
"29",
"31"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-SURELNOTE_EN\u0026p_enDocType=User+guide\u0026p_File_Name=990-6322E-EN.pdf"
},
{
"category": "vendor_fix",
"details": "V7.0.6 or later of the NMC2 RPDU2G application includes fixes for these vulnerabilities and is available for download",
"product_ids": [
"33"
],
"url": "https://download.schneider-electric.com/files?p_enDocType=Firmware\u0026p_Doc_Ref=APC_RPDU2G_706_EN\u0026p_File_Name=apc_hw05_aos704_rpdu2g706_bootmon109.exe"
},
{
"category": "vendor_fix",
"details": "V7.0.6 or later of the NMC2 RPDU2G application includes fixes for these vulnerabilities and is available for download",
"product_ids": [
"33"
],
"url": "https://sk.se.com/doc_info.aspx?DocRef=990-9958L_EN\u0026isdvd=False\u0026df=3\u0026gid=891285"
},
{
"category": "vendor_fix",
"details": "NMC3 RPDU application V1.2.0.2 with NMC3 AOS v1.5.0 includes fixes for these vulnerabilities and are available for download",
"product_ids": [
"35"
],
"url": "https://ckm-content.se.com/ckmContent/sfc/servlet.shepherd/document/download/0698V00000KscmiQAB"
},
{
"category": "vendor_fix",
"details": "NMC3 RPDU application V1.2.0.2 with NMC3 AOS v1.5.0 includes fixes for these vulnerabilities and are available for download",
"product_ids": [
"35"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=990-6391_EN\u0026p_enDocType=User+guide\u0026p_File_Name=990-6391B.pdf"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 RPP application includes fixes for these vulnerabilities and is available for download",
"product_ids": [
"37",
"39"
],
"url": "https://www.se.com/uk/en/download/document/APC_RPP_704_EN/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 for X84P, XPDU, XRDP, PMM, and XRDP2G applications includes fixes for these vulnerabilities.\nPlease contact your local support team for application upgrade.",
"product_ids": [
"41",
"43",
"45",
"47",
"49",
"51",
"53",
"55",
"56",
"57",
"59",
"61",
"63",
"65",
"67",
"69",
"71",
"73",
"75",
"77",
"79",
"81",
"83",
"85",
"87",
"89",
"91"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 ATS4G application include fixes for these vulnerabilities and are available for download",
"product_ids": [
"93"
],
"url": "https://www.se.com/ww/en/download/document/APC_ATS4G_704_EN/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 of these cooling applications include fixes for these vulnerabilities and have been released.\nPlease contact your local support team for upgrades.",
"product_ids": [
"101",
"103",
"105",
"107",
"109",
"111",
"113",
"115",
"117",
"119",
"121",
"123",
"125",
"127",
"129"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 NB250 application includes fixes for these vulnerabilities and has been released",
"product_ids": [
"95"
],
"url": "https://www.se.com/ww/en/download/document/APC_NB250_706_EN/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 BM4 application includes fixes for these vulnerabilities and has been released.\nPlease contact your local support team for BM4 application upgrade.",
"product_ids": [
"97"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
},
{
"category": "vendor_fix",
"details": "V7.0.4 or later of the NMC2 MDC application includes fixes for these vulnerabilities and has been released.\nPlease contact your local support team for MDC application upgrade.",
"product_ids": [
"100"
],
"url": "https://www.apc.com/us/en/support/contact-us/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"3",
"5",
"7",
"9",
"11",
"13",
"15",
"17",
"19",
"21",
"23",
"25",
"27",
"29",
"31",
"33",
"39",
"35",
"37",
"41",
"43",
"45",
"47",
"49",
"51",
"53",
"55",
"57",
"59",
"61",
"63",
"65",
"67",
"69",
"71",
"73",
"75",
"77",
"79",
"81",
"83",
"85",
"87",
"89",
"91",
"93",
"95",
"97",
"99",
"101",
"103",
"105",
"107",
"109",
"111",
"113",
"115",
"117",
"119",
"121",
"123",
"125",
"127",
"129"
]
}
],
"title": "CVE-2021-22815"
}
]
}
FKIE_CVE-2021-22811
Vulnerability from fkie_nvd - Published: 2022-01-28 20:15 - Updated: 2024-11-21 05:50
Severity ?
Summary
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)
References
| URL | Tags | ||
|---|---|---|---|
| cybersecurity@se.com | https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03 | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:network_management_card_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B680F42-DA8E-4802-B156-8AB5DAE7FBBE",
"versionEndIncluding": "6.9.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:galaxy_3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CB0BD90-277B-4214-A0D2-0CFE156F3747",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:network_management_card_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D955CFE-4142-4ED1-9C66-DF97421BF491",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:single-phase_symmetra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B11F1E08-643E-4DAC-8D41-4D620F27919D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:smart-ups:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1355F2F4-72EF-4643-82DC-5F35FAA643EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:network_management_card_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39AB64C8-1BA8-45E7-BDD0-D9280C05178B",
"versionEndIncluding": "6.9.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:ap9922_battery_management_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5658510-1BDD-4AFE-946D-36FFAD91F15B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:apc_rack_power_distribution_units:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48B862C7-A8BD-4FF4-BBFE-70137B197471",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:galaxy_g7x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D367AAD0-542D-4D79-B346-759617A9F647",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:galaxy_g9kchu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E51763D6-14F4-4F83-8391-A5ECBC17B2D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:galaxy_gcxsa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9A1A88B-3B10-475C-AB0E-BD450F01B64C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:galaxy_gfc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A624A78-0441-443A-8E78-A2A554773BCB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:galaxy_gvmsa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72CFF0A0-C4DA-44A5-8F55-ACD7041A14C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:galaxy_gvmts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D837D0-11FD-404F-A0CB-70908DC44D80",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:galaxy_gvxts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA8C2098-FF34-482B-AC83-8C94D244A890",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:galaxy_rpp_grppip2x84:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB59B97-7253-429B-A637-051B86759F7C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:gutor_gvx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21051ECC-603F-4B1D-87E3-898418646133",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:gutor_sxw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98191379-455C-48E9-A37F-56255EEE9EEF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:netbotz_nbrk0250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C101890D-06AC-44DF-8AF5-FCAD321B3600",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:network_management_card_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D955CFE-4142-4ED1-9C66-DF97421BF491",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pd40e5ek20-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "591B287E-8957-456E-82B3-549D069B6CE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pd40f6fk1-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C20B242-175B-49C8-9662-47C9A7AE144F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pd40g6fk1-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62A7198F-6652-4E3D-A601-C24C8FACEAE7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pd40h5ek20-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40D386FD-741F-45C1-989B-DBF9335945E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pd40l6fk1-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8543ECA3-6AFB-4B08-9334-0272646F8DB8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pd60f6fk1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E315DD1-C867-4D48-B898-56E3DA304206",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pd60g6fk1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED5EF3C-0CBF-41E1-A72A-E58C3AB8B90D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pd60l6fk1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1CC024F-31B2-4343-8AE4-400D6C3F53FD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pdpb150g6f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF4D8F03-27DD-4366-A89B-22CBD7C67D7A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pdpm138h-5u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C628B3-0E90-4E4C-8801-9FAA95FBD0F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pdpm138h-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16C3F7D6-6700-4D2E-A1BA-888B7E16D9A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pdpm144f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0383E54-C675-4A3A-B100-D9C5AF03738C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pdpm150g6f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E080E19A-A326-4F44-A822-C94535239BFA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pdpm150l6f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE8584C8-31DD-49E4-8335-CEEB5FA5ECF5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pdpm175g6h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8681C6E-B21D-44F0-895E-CAED4F6989A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pdpm277h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21974FF3-9F0C-4B9C-AD84-5D97FC72BA42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pdpm288g6h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F22D1C0-7024-4D70-8CD6-322613C36045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pdpm72f-5u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88134542-3217-469F-9958-3CE0BC9157F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pdrppnx10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2885AF-A708-47FF-B9F4-DA59B170A3F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pdrppnx10m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A12242E-85FB-4079-90F9-B9DD61562753",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pmm400-ala:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74A567E2-E660-4647-862A-4411B44BC1E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pmm400-alax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2397DC2-AEF6-4801-99F7-671908F1121B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pmm400-cub:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F058F380-9F1C-469A-BE4D-CFE94A325937",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pmm500-ala:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08F98F3F-A700-4D3D-832A-0866BC406C99",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pmm500-alax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D301B3D0-7DA7-4433-85F8-D0F6B0B2CB00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:pmm500-cub:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6FDCF96-81B4-4E9D-842A-60BAF8FBD63E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:rack_automatic_transfer_switches:-:*:*:*:*:*:*:*",
"matchCriteriaId": "233D8B17-03A3-4E57-A96B-1A0FEC55E711",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:symmetra_px_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1F6A74-A959-4729-80A0-B4A8976271CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:symmetra_px_160:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5FACD9F-9ECC-4AD4-B88A-DAB0C80DD746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:symmetra_px_20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "454AAEB3-2752-41BD-A3F6-78515D3D30E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:symmetra_px_250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "414089E6-4ECB-451B-8319-9BE9BFD1FCDA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:symmetra_px_40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0264FD0E-57AF-46AF-8135-1EE8782B4854",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:symmetra_px_48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D30C4D7-16D5-4426-8EB7-25F89F0417DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:symmetra_px_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6837B93-F653-49BC-A931-4FC8E800BFB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:symmetra_px_96:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9AA6F1-7C6C-4A5B-85D4-31995EBF2567",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:network_management_card_3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC92355-63D8-4472-84B6-6A012B1264D7",
"versionEndIncluding": "1.4.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:galaxy_3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CB0BD90-277B-4214-A0D2-0CFE156F3747",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:network_management_card_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D86A9F-1FAB-4355-B1D9-D43EA23575D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:single-phase_symmetra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B11F1E08-643E-4DAC-8D41-4D620F27919D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:smart-ups:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1355F2F4-72EF-4643-82DC-5F35FAA643EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:network_management_card_3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F9C697A-21D3-4E53-9905-CF122EBA410A",
"versionEndIncluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:apc_rack_power_distribution_units:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48B862C7-A8BD-4FF4-BBFE-70137B197471",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:network_management_card_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D86A9F-1FAB-4355-B1D9-D43EA23575D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)"
},
{
"lang": "es",
"value": "Una CWE-79: Se presenta una vulnerabilidad de Neutralizaci\u00f3n Inapropiada de la Entrada Durante la Generaci\u00f3n de la P\u00e1gina Web (\"Cross-site Scripting\") que podr\u00eda causar una ejecuci\u00f3n de scripts cuando es interceptada la petici\u00f3n de una cuenta con privilegios que accede a la p\u00e1gina web vulnerable. Productos afectados: Sistemas de alimentaci\u00f3n ininterrumpida (SAI) monof\u00e1sicos que usan NMC2, incluidos Smart-UPS, Symmetra y Galaxy 3500 con Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS versiones V6.9.8 y anteriores), Sistema de Alimentaci\u00f3n Ininterrumpida (SAI) trif\u00e1sico usando NMC2 incluyendo Symmetra PX 250/500 (SYPX) Tarjeta de administraci\u00f3n de Red 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS versiones V6.9.6 y anteriores), sistemas de alimentaci\u00f3n ininterrumpida (SAI) trif\u00e1sicos que usan NMC2, incluidos los SAI Symmetra PX 48/96/100/160 kW (PX2), los SAI Symmetra PX 20/40 kW (SY3P), Gutor (SXW, GVX) y Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS versiones V6.9.6 y anteriores), Sistema de Alimentaci\u00f3n Ininterrumpida (SAI) monof\u00e1sico usado NMC3 incluyendo Smart-UPS, Symmetra, y Galaxy 3500 con Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS versiones V1.4.2.1 y anteriores), Unidades de distribuci\u00f3n de energ\u00eda (PDU) de rack de APC que usan NMC2 2G PDU de rack medido/conmutado con NMC2 incorporado: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS versiones V6.9.6 y anteriores), Unidades de distribuci\u00f3n de energ\u00eda (PDU) en rack de APC que usan PDU en rack medido/conmutado NMC3 2G con NMC3 integrado: APDU99xx (NMC3 AOS versiones V1.4. 0 y anteriores), productos de distribuci\u00f3n de energ\u00eda trif\u00e1sica de APC que usan NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS versiones V6.9.6 y anteriores), tarjeta de administraci\u00f3n de red 2 (NMC2) para InfraStruxure 150 kVA PDU con 84 polos (X84P): PDPB150G6F (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\u00f3n de Red 2 para InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\u00f3n de Red 2 para PDU Modular 150/175kVA (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\u00f3n de red 2 para 400 y 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\u00f3n de Red 2 para PDU Modular (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS versiones V6.9.6 y anteriores), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Interruptores de transferencia autom\u00e1tica en rack - AP44XX (ATS4G) (NMC2 AOS versiones V6.9.6 y anteriores), Tarjeta de administraci\u00f3n de red 2 (NMC2) Productos de refrigeraci\u00f3n: InRow Cooling para las series ACRP5xx, ACRP1xx, ACRD5xx y ACRC5xx SKU (ACRP2G), InRow Cooling para las series ACRC10x SKU (RC10X2G), InRow Cooling para las series ACRD6xx y ACRC6xx SKU (ACRD2G), InRow Cooling Display para las series ACRD3xx (ACRC2G), InRow Cooling para las series ACSC1xx SKUs (SC2G), InRow Cooling para las series ACRD1xx y ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display para SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV y LDWV (LEDX2G), Unidad de distribuci\u00f3n de refrigerante: ACDA9xx (RDU) (NMC2 AOS versiones V6.9.6 y anteriores), Unidad de Monitorizaci\u00f3n Ambiental con NMC2 integrado (NB250): NetBotz NBRK0250 (NMC2 AOS versiones V6.9.6 y anteriores), y Tarjeta de administraci\u00f3n de Red 2 (NMC2): AP9922 Sistema de administraci\u00f3n de la bater\u00eda (BM4) (NMC2 AOS versiones V6.9.6 y anteriores)"
}
],
"id": "CVE-2021-22811",
"lastModified": "2024-11-21T05:50:43.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-28T20:15:10.047",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2021-AVI-853
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*) toutes versions | ||
| N/A | N/A | versadac, toutes versions | ||
| Schneider Electric | N/A | EPack toutes versions | ||
| N/A | N/A | EPC2000 toutes versions | ||
| N/A | N/A | Modicon M262 Logic Controllers firmware version 5.1.5.35 et antérieures | ||
| N/A | N/A | SCD6000 Industrial RTU Version antérieures à SCD6000 is SY-1101211_Mand | ||
| N/A | N/A | SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E et 357E RTUs avec le firmware V8.18.1 et antérieures | ||
| N/A | N/A | NMC embedded devices | ||
| N/A | N/A | BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions | ||
| N/A | N/A | BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions | ||
| Schneider Electric | N/A | Modicon M241/M251 Logic Controllers firmware version 5.1.9.21 et antérieures | ||
| Symfony | process | EcoStruxure Process Expert versions antérieures à V2021 | ||
| N/A | N/A | Tricon Communication Modules versions antérieures à 11.8 | ||
| N/A | N/A | TelevisAir V3.0 Dongle BTLE (part number ADBT42* et antérieures) | ||
| Schneider Electric | Modicon M340 | Modicon M580 CPU (BMEP* and BMEH*), Modicon M340 CPU (BMXP34*), BMXNOM0200 toutes versions | ||
| Schneider Electric | N/A | Easy Harmony GXU (HMIGXU Series) et Easy Harmony ET6 (HMIET Series) Vijeo Designer Basic V1.2 family et antérieures | ||
| Schneider Electric | N/A | T2750 PAC, toutes versions | ||
| Schneider Electric | N/A | Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) et antérieures | ||
| N/A | N/A | HMISTO Series HMISTU/S5T Series toutes versions | ||
| Schneider Electric | N/A | TCSEGPA23F14F, BMECXM0100 toutes versions | ||
| N/A | N/A | HMISCU,HMIGTU, HMIG2U, HMIG3U, HMIG3X, HMIGTO Series Vijeo Designer (V6.2 SP11) family et antérieures | ||
| N/A | N/A | BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions | ||
| N/A | N/A | Pro-face GP4100 Series, GP4000E Series, GP4000M Series toutes versions | ||
| N/A | N/A | Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series GP-Pro EX V4.09.300 et antérieures | ||
| N/A | N/A | Momentum ENT (170ENT11*) toutes versions | ||
| Schneider Electric | N/A | nanodac toutes versions | ||
| Schneider Electric | N/A | Network Management Card 2 (NMC2) | ||
| Schneider Electric | N/A | Schneider Electric Software Update, V2.3.0 à V2.5.1 | ||
| N/A | N/A | Network Management Card 3 (NMC3) | ||
| N/A | N/A | 6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions | ||
| Schneider Electric | N/A | BMXNOM0200 toutes versions | ||
| N/A | N/A | BMENOP0300, BMXNOR0200 toutes versions | ||
| Schneider Electric | N/A | Modicon LMC078 toutes versions | ||
| Schneider Electric | N/A | E+PLC400 toutes versions | ||
| N/A | N/A | Pro-face GP4000 Series, LT4000M Series, GP4000H Series GP-Pro EX V4.09.300 et antérieures |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "versadac, toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EPack toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EPC2000 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon M262 Logic Controllers firmware version 5.1.5.35 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "SCD6000 Industrial RTU Version ant\u00e9rieures \u00e0 SCD6000 is SY-1101211_Mand",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E et 357E RTUs avec le firmware V8.18.1 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "NMC embedded devices",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon M241/M251 Logic Controllers firmware version 5.1.9.21 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 V2021",
"product": {
"name": "process",
"vendor": {
"name": "Symfony",
"scada": false
}
}
},
{
"description": "Tricon Communication Modules versions ant\u00e9rieures \u00e0 11.8",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "TelevisAir V3.0 Dongle BTLE (part number ADBT42* et ant\u00e9rieures)",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon M580 CPU (BMEP* and BMEH*), Modicon M340 CPU (BMXP34*), BMXNOM0200 toutes versions",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easy Harmony GXU (HMIGXU Series) et Easy Harmony ET6 (HMIET Series) Vijeo Designer Basic V1.2 family et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "T2750 PAC, toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "HMISTO Series HMISTU/S5T Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "TCSEGPA23F14F, BMECXM0100 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "HMISCU,HMIGTU, HMIG2U, HMIG3U, HMIG3X, HMIGTO Series Vijeo Designer (V6.2 SP11) family et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Pro-face GP4100 Series, GP4000E Series, GP4000M Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series GP-Pro EX V4.09.300 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Momentum ENT (170ENT11*) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "nanodac toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Network Management Card 2 (NMC2)",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Schneider Electric Software Update, V2.3.0 \u00e0 V2.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Network Management Card 3 (NMC3)",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMXNOM0200 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "BMENOP0300, BMXNOR0200 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon LMC078 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "E+PLC400 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Pro-face GP4000 Series, LT4000M Series, GP4000H Series GP-Pro EX V4.09.300 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22808",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22808"
},
{
"name": "CVE-2021-34527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34527"
},
{
"name": "CVE-2021-22811",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22811"
},
{
"name": "CVE-2021-22813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22813"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2021-22807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22807"
},
{
"name": "CVE-2021-22810",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22810"
},
{
"name": "CVE-2021-22815",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22815"
},
{
"name": "CVE-2021-1675",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1675"
},
{
"name": "CVE-2021-22812",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22812"
},
{
"name": "CVE-2021-22809",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22809"
},
{
"name": "CVE-2021-22814",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22814"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2021-22799",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22799"
},
{
"name": "CVE-2021-22816",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22816"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-853",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-11-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-07 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-07"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-01 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-06 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-06"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-04 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-02 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-02"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-03 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
}
]
}
CERTFR-2022-AVI-436
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- PowerLogic ION Setup versions antérieures à 3.2.22096.01
- Saitel DP RTU microgiciel versions Baseline_09.00.00 à Baseline_11.06.23 antérieures à BaseLine_11.06.24
- APC Smart-UPS SRC Series ID=1004: UPS versions 14.9 et antérieures
- APC Smart-UPS SRC Series ID=1006: UPS versions 14.9 et antérieures
- APC Smart-UPS SRC Series ID=1011: UPS versions 14.9 et antérieures
- APC Smart-UPS SRC Series ID=1033: UPS versions 00.3 et antérieures
- APC Smart-UPS XU Series SRC Series ID=1017: UPS versions 02.6 et antérieures
- SmartConnect séries SMTL, SCL, et SMX version du microgiciel antérieure à 15.0
- HMISCU Vijeo Designer versions antérieures à 6.2 SP12
- Easergy MiCOM P30 range modèles C434, P132, P139, P433, P435, P437, P532, P631, P632, P633, P634 et Px36/8 versions 660 à 674
- APC Rack Power Distribution Units (PDU) utilisant NMC2 AOS versions antérieures à 7.0.6
- APC Rack Power Distribution Units (PDU) utilisant NMC3 AOS versions antérieures à 1.2.0.2
- APC 3-Phase Power Distribution Products utilisant NMC2 AOS versions antérieures à 7.0.4
- Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P) versions antérieures à 7.0.4
- Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) versions antérieures à 7.0.4
- Network Management Card 2 for Modular 150/175kVA PDU (XRDP) versions antérieures à 7.0.4
- Network Management Card 2 for 400 and 500 kVA (PMM) versions antérieures à 7.0.4
- Network Management Card 2 for Modular PDU (XRDP2G) versions antérieures à 7.0.4
- Rack Automatic Transfer Switches (ATS) utilisant NMC2 AOS versions antérieures à 7.0.4
- Network Management Card 2 (NMC2) Cooling Products utilisant NMC2 AOS versions antérieures à 7.0.4
- Environmental Monitoring Unit with embedded NMC2 (NB250) utilisant NMC2 AOS versions antérieures à 7.0.4
- Network Management Card 2 (NMC2) versions antérieures à 7.0.4
- EcoStruxure Micro Data Center utilisant NMC2 AOS versions antérieures à 7.0.4
Les produits suivants ne sont plus supportés par l'éditeur :
- Wiser Smart EER21000 et EER21001 versions antérieures à 4.5
Les produits suivants ne bénéficient pas encore de correctif pour les vulnérabilités CVE-2022-22805, CVE-2022-22806 et CVE-2022-0715 :
- Smart-UPS séries SMT, SMC, SCL, SMX, SRT, SRC, XU, et SRTL
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003ePowerLogic ION Setup versions ant\u00e9rieures \u00e0 3.2.22096.01\u003c/li\u003e \u003cli\u003eSaitel DP RTU microgiciel versions Baseline_09.00.00 \u00e0 Baseline_11.06.23 ant\u00e9rieures \u00e0 BaseLine_11.06.24\u003c/li\u003e \u003cli\u003eAPC Smart-UPS SRC Series ID=1004: UPS versions 14.9 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eAPC Smart-UPS SRC Series ID=1006: UPS versions 14.9 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eAPC Smart-UPS SRC Series ID=1011: UPS versions 14.9 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eAPC Smart-UPS SRC Series ID=1033: UPS versions 00.3 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eAPC Smart-UPS XU Series SRC Series ID=1017: UPS versions 02.6 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eSmartConnect s\u00e9ries SMTL, SCL, et SMX version du microgiciel ant\u00e9rieure \u00e0 15.0\u003c/li\u003e \u003cli\u003eHMISCU Vijeo Designer versions ant\u00e9rieures \u00e0 6.2 SP12\u003c/li\u003e \u003cli\u003eEasergy MiCOM P30 range mod\u00e8les C434, P132, P139, P433, P435, P437, P532, P631, P632, P633, P634 et Px36/8 versions 660 \u00e0 674\u003c/li\u003e \u003cli\u003eAPC Rack Power Distribution Units (PDU) utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.6\u003c/li\u003e \u003cli\u003eAPC Rack Power Distribution Units (PDU) utilisant NMC3 AOS versions ant\u00e9rieures \u00e0 1.2.0.2\u003c/li\u003e \u003cli\u003eAPC 3-Phase Power Distribution Products utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 for Modular 150/175kVA PDU (XRDP) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 for 400 and 500 kVA (PMM) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 for Modular PDU (XRDP2G) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eRack Automatic Transfer Switches (ATS) utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 (NMC2) Cooling Products utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eEnvironmental Monitoring Unit with embedded NMC2 (NB250) utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 (NMC2) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eEcoStruxure Micro Data Center utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes produits suivants ne sont plus support\u00e9s par l\u0027\u00e9diteur :\u003c/p\u003e \u003cul\u003e \u003cli\u003eWiser Smart EER21000 et EER21001 versions ant\u00e9rieures \u00e0 4.5\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes produits suivants ne b\u00e9n\u00e9ficient pas encore de correctif pour les vuln\u00e9rabilit\u00e9s CVE-2022-22805, CVE-2022-22806 et CVE-2022-0715 :\u003c/p\u003e \u003cul\u003e \u003cli\u003eSmart-UPS s\u00e9ries SMT, SMC, SCL, SMX, SRT, SRC, XU, et SRTL\u003c/li\u003e \u003c/ul\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-30236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30236"
},
{
"name": "CVE-2021-22811",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22811"
},
{
"name": "CVE-2021-22813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22813"
},
{
"name": "CVE-2022-30233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30233"
},
{
"name": "CVE-2022-30238",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30238"
},
{
"name": "CVE-2022-6996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-6996"
},
{
"name": "CVE-2021-22810",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22810"
},
{
"name": "CVE-2021-22815",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22815"
},
{
"name": "CVE-2022-22806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22806"
},
{
"name": "CVE-2022-30234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30234"
},
{
"name": "CVE-2022-0715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0715"
},
{
"name": "CVE-2021-22812",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22812"
},
{
"name": "CVE-2022-30232",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30232"
},
{
"name": "CVE-2020-6996",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6996"
},
{
"name": "CVE-2022-30235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30235"
},
{
"name": "CVE-2022-22805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22805"
},
{
"name": "CVE-2021-22814",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22814"
},
{
"name": "CVE-2022-30237",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30237"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-436",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-10T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour des liens",
"revision_date": "2022-08-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-130-01 du 10 mai 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-130-01_PowerLogic_ION_Setup_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2022-130-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-130-02 du 10 mai 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-130-02_Saitel_DP_RTU_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2022-130-02"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 10 mai 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V7.0.pdf\u0026p_Doc_Ref=SEVD-2021-313-05"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-130-03 du 10 mai 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-130-03_WiserSmart_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2022-130-03"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-03 du 10 mai 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-03_APC_NMC_Security_Notification_V2.0.pdf\u0026p_Doc_Ref=SEVD-2021-313-03"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-02 du 10 mai 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-067-02_APC-Smart-UPS_Security_Notification_V6.0.pdf"
}
]
}
CERTFR-2022-AVI-436
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- PowerLogic ION Setup versions antérieures à 3.2.22096.01
- Saitel DP RTU microgiciel versions Baseline_09.00.00 à Baseline_11.06.23 antérieures à BaseLine_11.06.24
- APC Smart-UPS SRC Series ID=1004: UPS versions 14.9 et antérieures
- APC Smart-UPS SRC Series ID=1006: UPS versions 14.9 et antérieures
- APC Smart-UPS SRC Series ID=1011: UPS versions 14.9 et antérieures
- APC Smart-UPS SRC Series ID=1033: UPS versions 00.3 et antérieures
- APC Smart-UPS XU Series SRC Series ID=1017: UPS versions 02.6 et antérieures
- SmartConnect séries SMTL, SCL, et SMX version du microgiciel antérieure à 15.0
- HMISCU Vijeo Designer versions antérieures à 6.2 SP12
- Easergy MiCOM P30 range modèles C434, P132, P139, P433, P435, P437, P532, P631, P632, P633, P634 et Px36/8 versions 660 à 674
- APC Rack Power Distribution Units (PDU) utilisant NMC2 AOS versions antérieures à 7.0.6
- APC Rack Power Distribution Units (PDU) utilisant NMC3 AOS versions antérieures à 1.2.0.2
- APC 3-Phase Power Distribution Products utilisant NMC2 AOS versions antérieures à 7.0.4
- Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P) versions antérieures à 7.0.4
- Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) versions antérieures à 7.0.4
- Network Management Card 2 for Modular 150/175kVA PDU (XRDP) versions antérieures à 7.0.4
- Network Management Card 2 for 400 and 500 kVA (PMM) versions antérieures à 7.0.4
- Network Management Card 2 for Modular PDU (XRDP2G) versions antérieures à 7.0.4
- Rack Automatic Transfer Switches (ATS) utilisant NMC2 AOS versions antérieures à 7.0.4
- Network Management Card 2 (NMC2) Cooling Products utilisant NMC2 AOS versions antérieures à 7.0.4
- Environmental Monitoring Unit with embedded NMC2 (NB250) utilisant NMC2 AOS versions antérieures à 7.0.4
- Network Management Card 2 (NMC2) versions antérieures à 7.0.4
- EcoStruxure Micro Data Center utilisant NMC2 AOS versions antérieures à 7.0.4
Les produits suivants ne sont plus supportés par l'éditeur :
- Wiser Smart EER21000 et EER21001 versions antérieures à 4.5
Les produits suivants ne bénéficient pas encore de correctif pour les vulnérabilités CVE-2022-22805, CVE-2022-22806 et CVE-2022-0715 :
- Smart-UPS séries SMT, SMC, SCL, SMX, SRT, SRC, XU, et SRTL
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003ePowerLogic ION Setup versions ant\u00e9rieures \u00e0 3.2.22096.01\u003c/li\u003e \u003cli\u003eSaitel DP RTU microgiciel versions Baseline_09.00.00 \u00e0 Baseline_11.06.23 ant\u00e9rieures \u00e0 BaseLine_11.06.24\u003c/li\u003e \u003cli\u003eAPC Smart-UPS SRC Series ID=1004: UPS versions 14.9 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eAPC Smart-UPS SRC Series ID=1006: UPS versions 14.9 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eAPC Smart-UPS SRC Series ID=1011: UPS versions 14.9 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eAPC Smart-UPS SRC Series ID=1033: UPS versions 00.3 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eAPC Smart-UPS XU Series SRC Series ID=1017: UPS versions 02.6 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eSmartConnect s\u00e9ries SMTL, SCL, et SMX version du microgiciel ant\u00e9rieure \u00e0 15.0\u003c/li\u003e \u003cli\u003eHMISCU Vijeo Designer versions ant\u00e9rieures \u00e0 6.2 SP12\u003c/li\u003e \u003cli\u003eEasergy MiCOM P30 range mod\u00e8les C434, P132, P139, P433, P435, P437, P532, P631, P632, P633, P634 et Px36/8 versions 660 \u00e0 674\u003c/li\u003e \u003cli\u003eAPC Rack Power Distribution Units (PDU) utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.6\u003c/li\u003e \u003cli\u003eAPC Rack Power Distribution Units (PDU) utilisant NMC3 AOS versions ant\u00e9rieures \u00e0 1.2.0.2\u003c/li\u003e \u003cli\u003eAPC 3-Phase Power Distribution Products utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 for Modular 150/175kVA PDU (XRDP) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 for 400 and 500 kVA (PMM) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 for Modular PDU (XRDP2G) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eRack Automatic Transfer Switches (ATS) utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 (NMC2) Cooling Products utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eEnvironmental Monitoring Unit with embedded NMC2 (NB250) utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 (NMC2) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eEcoStruxure Micro Data Center utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes produits suivants ne sont plus support\u00e9s par l\u0027\u00e9diteur :\u003c/p\u003e \u003cul\u003e \u003cli\u003eWiser Smart EER21000 et EER21001 versions ant\u00e9rieures \u00e0 4.5\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes produits suivants ne b\u00e9n\u00e9ficient pas encore de correctif pour les vuln\u00e9rabilit\u00e9s CVE-2022-22805, CVE-2022-22806 et CVE-2022-0715 :\u003c/p\u003e \u003cul\u003e \u003cli\u003eSmart-UPS s\u00e9ries SMT, SMC, SCL, SMX, SRT, SRC, XU, et SRTL\u003c/li\u003e \u003c/ul\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-30236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30236"
},
{
"name": "CVE-2021-22811",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22811"
},
{
"name": "CVE-2021-22813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22813"
},
{
"name": "CVE-2022-30233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30233"
},
{
"name": "CVE-2022-30238",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30238"
},
{
"name": "CVE-2022-6996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-6996"
},
{
"name": "CVE-2021-22810",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22810"
},
{
"name": "CVE-2021-22815",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22815"
},
{
"name": "CVE-2022-22806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22806"
},
{
"name": "CVE-2022-30234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30234"
},
{
"name": "CVE-2022-0715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0715"
},
{
"name": "CVE-2021-22812",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22812"
},
{
"name": "CVE-2022-30232",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30232"
},
{
"name": "CVE-2020-6996",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6996"
},
{
"name": "CVE-2022-30235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30235"
},
{
"name": "CVE-2022-22805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22805"
},
{
"name": "CVE-2021-22814",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22814"
},
{
"name": "CVE-2022-30237",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30237"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-436",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-10T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour des liens",
"revision_date": "2022-08-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-130-01 du 10 mai 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-130-01_PowerLogic_ION_Setup_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2022-130-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-130-02 du 10 mai 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-130-02_Saitel_DP_RTU_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2022-130-02"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 10 mai 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V7.0.pdf\u0026p_Doc_Ref=SEVD-2021-313-05"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-130-03 du 10 mai 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-130-03_WiserSmart_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2022-130-03"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-03 du 10 mai 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-03_APC_NMC_Security_Notification_V2.0.pdf\u0026p_Doc_Ref=SEVD-2021-313-03"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-02 du 10 mai 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-067-02_APC-Smart-UPS_Security_Notification_V6.0.pdf"
}
]
}
CERTFR-2021-AVI-853
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*) toutes versions | ||
| N/A | N/A | versadac, toutes versions | ||
| Schneider Electric | N/A | EPack toutes versions | ||
| N/A | N/A | EPC2000 toutes versions | ||
| N/A | N/A | Modicon M262 Logic Controllers firmware version 5.1.5.35 et antérieures | ||
| N/A | N/A | SCD6000 Industrial RTU Version antérieures à SCD6000 is SY-1101211_Mand | ||
| N/A | N/A | SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E et 357E RTUs avec le firmware V8.18.1 et antérieures | ||
| N/A | N/A | NMC embedded devices | ||
| N/A | N/A | BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions | ||
| N/A | N/A | BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions | ||
| Schneider Electric | N/A | Modicon M241/M251 Logic Controllers firmware version 5.1.9.21 et antérieures | ||
| Symfony | process | EcoStruxure Process Expert versions antérieures à V2021 | ||
| N/A | N/A | Tricon Communication Modules versions antérieures à 11.8 | ||
| N/A | N/A | TelevisAir V3.0 Dongle BTLE (part number ADBT42* et antérieures) | ||
| Schneider Electric | Modicon M340 | Modicon M580 CPU (BMEP* and BMEH*), Modicon M340 CPU (BMXP34*), BMXNOM0200 toutes versions | ||
| Schneider Electric | N/A | Easy Harmony GXU (HMIGXU Series) et Easy Harmony ET6 (HMIET Series) Vijeo Designer Basic V1.2 family et antérieures | ||
| Schneider Electric | N/A | T2750 PAC, toutes versions | ||
| Schneider Electric | N/A | Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) et antérieures | ||
| N/A | N/A | HMISTO Series HMISTU/S5T Series toutes versions | ||
| Schneider Electric | N/A | TCSEGPA23F14F, BMECXM0100 toutes versions | ||
| N/A | N/A | HMISCU,HMIGTU, HMIG2U, HMIG3U, HMIG3X, HMIGTO Series Vijeo Designer (V6.2 SP11) family et antérieures | ||
| N/A | N/A | BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions | ||
| N/A | N/A | Pro-face GP4100 Series, GP4000E Series, GP4000M Series toutes versions | ||
| N/A | N/A | Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series GP-Pro EX V4.09.300 et antérieures | ||
| N/A | N/A | Momentum ENT (170ENT11*) toutes versions | ||
| Schneider Electric | N/A | nanodac toutes versions | ||
| Schneider Electric | N/A | Network Management Card 2 (NMC2) | ||
| Schneider Electric | N/A | Schneider Electric Software Update, V2.3.0 à V2.5.1 | ||
| N/A | N/A | Network Management Card 3 (NMC3) | ||
| N/A | N/A | 6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions | ||
| Schneider Electric | N/A | BMXNOM0200 toutes versions | ||
| N/A | N/A | BMENOP0300, BMXNOR0200 toutes versions | ||
| Schneider Electric | N/A | Modicon LMC078 toutes versions | ||
| Schneider Electric | N/A | E+PLC400 toutes versions | ||
| N/A | N/A | Pro-face GP4000 Series, LT4000M Series, GP4000H Series GP-Pro EX V4.09.300 et antérieures |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "versadac, toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EPack toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EPC2000 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon M262 Logic Controllers firmware version 5.1.5.35 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "SCD6000 Industrial RTU Version ant\u00e9rieures \u00e0 SCD6000 is SY-1101211_Mand",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E et 357E RTUs avec le firmware V8.18.1 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "NMC embedded devices",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon M241/M251 Logic Controllers firmware version 5.1.9.21 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 V2021",
"product": {
"name": "process",
"vendor": {
"name": "Symfony",
"scada": false
}
}
},
{
"description": "Tricon Communication Modules versions ant\u00e9rieures \u00e0 11.8",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "TelevisAir V3.0 Dongle BTLE (part number ADBT42* et ant\u00e9rieures)",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon M580 CPU (BMEP* and BMEH*), Modicon M340 CPU (BMXP34*), BMXNOM0200 toutes versions",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easy Harmony GXU (HMIGXU Series) et Easy Harmony ET6 (HMIET Series) Vijeo Designer Basic V1.2 family et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "T2750 PAC, toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "HMISTO Series HMISTU/S5T Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "TCSEGPA23F14F, BMECXM0100 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "HMISCU,HMIGTU, HMIG2U, HMIG3U, HMIG3X, HMIGTO Series Vijeo Designer (V6.2 SP11) family et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Pro-face GP4100 Series, GP4000E Series, GP4000M Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series GP-Pro EX V4.09.300 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Momentum ENT (170ENT11*) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "nanodac toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Network Management Card 2 (NMC2)",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Schneider Electric Software Update, V2.3.0 \u00e0 V2.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Network Management Card 3 (NMC3)",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMXNOM0200 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "BMENOP0300, BMXNOR0200 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon LMC078 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "E+PLC400 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Pro-face GP4000 Series, LT4000M Series, GP4000H Series GP-Pro EX V4.09.300 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22808",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22808"
},
{
"name": "CVE-2021-34527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34527"
},
{
"name": "CVE-2021-22811",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22811"
},
{
"name": "CVE-2021-22813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22813"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2021-22807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22807"
},
{
"name": "CVE-2021-22810",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22810"
},
{
"name": "CVE-2021-22815",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22815"
},
{
"name": "CVE-2021-1675",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1675"
},
{
"name": "CVE-2021-22812",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22812"
},
{
"name": "CVE-2021-22809",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22809"
},
{
"name": "CVE-2021-22814",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22814"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2021-22799",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22799"
},
{
"name": "CVE-2021-22816",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22816"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-853",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-11-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-07 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-07"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-01 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-06 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-06"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-04 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-02 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-02"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-03 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…