cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-22815,https://securityvulnerability.io/vulnerability/CVE-2021-22815,Information Exposure Vulnerability in Schneider Electric UPS and Power Distribution Products,"An information exposure vulnerability allows unauthorized access to sensitive troubleshooting archives in various Schneider Electric Uninterruptible Power Supply (UPS) products and associated Network Management Card systems. This flaw primarily affects multiple models of Smart-UPS, Symmetra, Galaxy, and APC Power Distribution Units using NMC2 and NMC3, potentially exposing critical operational data. Users may inadvertently disclose sensitive information due to misconfigured access controls, which could be exploited by attackers to gain deeper insight into system configurations and operations. Proper security practices and updates are essential to mitigate risks associated with this vulnerability.",Schneider Electric,Network Management Card 2 Firmware,5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-01-28T19:09:49.000Z,0
CVE-2021-22814,https://securityvulnerability.io/vulnerability/CVE-2021-22814,Cross-site Scripting Vulnerability in APC and Schneider Electric Products,"A cross-site scripting vulnerability exists in specific versions of Network Management Cards (NMC2) by Schneider Electric. This flaw allows an attacker to execute arbitrary scripts in the context of a user's session when malicious files are read and displayed. This vulnerability affects a wide range of products, including various uninterruptible power supplies (UPS), rack power distribution units, and environmental monitoring equipment, making it essential for users to apply recommended security patches and updates.",Schneider Electric,Network Management Card 2 Firmware,6.1,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2022-01-28T19:09:48.000Z,0
CVE-2021-22813,https://securityvulnerability.io/vulnerability/CVE-2021-22813,Cross-site Scripting Vulnerability in Schneider Electric's Network Management Card Products,"A Cross-site Scripting vulnerability exists in Schneider Electric’s Network Management Cards, allowing the execution of arbitrary scripts. This occurs when a privileged account clicks on a specifically crafted malicious URL targeting an edit policy file, potentially leading to unauthorized actions within the application. Various models of UPS, APC Rack PDUs, cooling products, and network management cards are affected, emphasizing the importance of prompt security assessments and updates.",Schneider Electric,Network Management Card 2 Firmware,6.1,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2022-01-28T19:09:47.000Z,0
CVE-2021-22812,https://securityvulnerability.io/vulnerability/CVE-2021-22812,Cross-Site Scripting Vulnerability in Schneider Electric's Network Management Cards,"A cross-site scripting vulnerability exists in Schneider Electric's Network Management Cards, which allows an attacker to execute arbitrary scripts if a privileged user clicks on a specially crafted malicious URL. This can compromise the integrity of the web application and may lead to unauthorized access to sensitive information.",Schneider Electric,Network Management Card 2 Firmware,6.1,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2022-01-28T19:09:46.000Z,0
CVE-2021-22811,https://securityvulnerability.io/vulnerability/CVE-2021-22811,Cross-site Scripting Vulnerability in Schneider Electric UPS Products,"A vulnerability exists in Schneider Electric's UPS products that allows unauthorized script execution due to improper input validation. This security flaw occurs when a request made by a privileged account is intercepted while accessing a vulnerable web page. Attackers can exploit this issue to execute arbitrary scripts in the context of the user's session, potentially compromising sensitive information and system integrity. Affected versions operate under Network Management Card (NMC2 and NMC3) AOS specifications revealing the critical need for updates and patches to safeguard against exploitation.",Schneider Electric,Network Management Card 2 Firmware,6.1,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2022-01-28T19:09:45.000Z,0
CVE-2021-22810,https://securityvulnerability.io/vulnerability/CVE-2021-22810,Cross-Site Scripting Vulnerability in APC Network Management Cards,"A Cross-Site Scripting vulnerability exists in Schneider Electric's APC Network Management Cards that could allow an attacker to execute arbitrary scripts via a malicious URL. Specifically, this flaw can be exploited if a privileged user accesses a specially crafted URL targeting a delete policy file. The vulnerability affects various models of 1-Phase and 3-Phase UPS systems, Power Distribution Units, and environmental monitoring units, particularly those running outdated versions of the NMC firmware. This threat can lead to unauthorized actions and data exposure if not mitigated promptly.",Schneider Electric,Network Management Card 2 Firmware,6.1,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2022-01-28T19:09:44.000Z,0
CVE-2021-22825,https://securityvulnerability.io/vulnerability/CVE-2021-22825,Sensitive Information Exposure in Schneider Electric Products,"This vulnerability allows an attacker to potentially gain unauthorized access to sensitive information by exploiting the security token of a privileged account. If a user with elevated privileges clicks on a malicious URL, it may result in the exposure of sensitive data, leading to severe implications for system integrity and security. Administrators should ensure their devices run the latest software versions to mitigate this risk.",Schneider Electric,Rack Power Distribution Unit With Network Management Card 2 Firmware,8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-01-28T19:09:40.000Z,0