SEVD-2021-285-05
Schneider Electric is aware of multiple Microsoft Windows vulnerabilities in its Schneider Conext™ Advisor 2 & Conext™ Control V2 products. The Conext™ Advisor 2 is a web portal with an efficient, task-oriented interface for managing and optimizing the performance of solar power plants and includes a complete suite of tools for professional users. The Conext™ Control V2 is a Solar Power Plant monitoring solution. Failure to apply the remediations provided below may risk remote code execution, which could result in undesired behavior within the operating system. An attacker who successfully exploits this vulnerability could execute arbitrary code on the target system and then install programs; view, change, or delete data; or create new accounts with full user rights.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric Conext™ Advisor 2 Gateway 1.28.45 and below | ||
| Schneider Electric Conext™ Control V2 Gateway 2.6 and below | ||
| Schneider Electric Microsoft Windows 10 | ||
| Schneider Electric Conext™ Advisor 2 Cloud 2.02 and below |
Timeline
- May 23, 2014 PoC Published
- Jan 21, 2020 PoC Published
- Jun 26, 2020 PoC Published
- Aug 17, 2020 PoC Published
- Sep 17, 2020 PoC Published
- Oct 3, 2020 PoC Published
- Oct 12, 2021 CVE Published
- Dec 8, 2021 PoC Published
- Nov 29, 2024 PoC Published
- Dec 19, 2024 PoC Published
- Jan 31, 2025 PoC Published
- Feb 13, 2025 PoC Published
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-285-05_Conext_Advisor_and_Conext_Control_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2021-285-05.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ url
- https://www.microsoft.com/en-in/software-download/windows10 fix