SEVD-2021-103-01
PUBLISHED
CVSS 7.8 HIGH
Schneider Electric is aware of multiple vulnerabilities in its C-Bus Toolkit and C-Gate Server products. The C-Bus Toolkit product, which includes C-Gate Server, is an application you run on your personal computer to configure and commission C-Bus installations. Failure to apply the remediations provided below may risk a remote code execution attack, which could result in an attacker having remote access to the computer. November 2022 Update: The CWE for CVE-2021-22716 has been updated (marked in red). No additional action is required for customers who have already followed the remediation instructions provided below.
Risk Scores
CVSS v3.1
7.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric | C-Gate Server | 2.11.8 |
| Schneider Electric | C-Gate Server | <2.11.7 |
| Schneider Electric | C-Bus Toolkit | 1.15.10 |
| Schneider Electric | C-Bus Toolkit | <1.15.9 |
Timeline
- Apr 13, 2021 CVE Published
- Nov 8, 2022 CVE Updated
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-103-01_C-Bus_Toolkit_C-Gate_Server_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2021-103-01.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ advisory
- https://www.se.com/ww/en/product-range/2216-spacelogic-c-bus-home-automation-system/?parent-subcategory-id=88010&filter=business-5-residential-and-small-business----software-firmware-tab#software-and-firmware fix