CVE-2021-22731 — CRITICAL (9.8)

Q: How severe is CVE-2021-22731?

CVE-2021-22731 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-22731?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Mcsesp083F23G0 Firmware, Schneider-Electric Mcsesp083F23G0, Schneider-Electric Mcsesp083F23G0T Firmware, Schneider-Electric Mcsesp083F23G0T, Schneider-Electric Mcsesm043F23F0 Firmware.

Vulnerability Description

Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior which could cause an unauthorized password change through HTTP / HTTPS when basic user information is known by a remote attacker.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Schneider-Electric	Mcsesp083F23G0 Firmware	< 8.22
Schneider-Electric	Mcsesp083F23G0	-
Schneider-Electric	Mcsesp083F23G0T Firmware	< 8.22
Schneider-Electric	Mcsesp083F23G0T	-
Schneider-Electric	Mcsesm043F23F0 Firmware	< 8.22
Schneider-Electric	Mcsesm043F23F0	-
Schneider-Electric	Mcsesm053F1Cu0 Firmware	< 8.22
Schneider-Electric	Mcsesm053F1Cu0	-
Schneider-Electric	Mcsesm063F2Cu0 Firmware	< 8.22
Schneider-Electric	Mcsesm063F2Cu0	-
Schneider-Electric	Mcsesm053F1Cs0 Firmware	< 8.22
Schneider-Electric	Mcsesm053F1Cs0	-
Schneider-Electric	Mcsesm063F2Cs0 Firmware	< 8.22
Schneider-Electric	Mcsesm063F2Cs0	-
Schneider-Electric	Mcsesm083F23F0 Firmware	< 8.22
Schneider-Electric	Mcsesm083F23F0	-
Schneider-Electric	Mcsesm103F2Cu0 Firmware	< 8.22
Schneider-Electric	Mcsesm103F2Cu0	-
Schneider-Electric	Mcsesm083F23F0H Firmware	< 8.22
Schneider-Electric	Mcsesm083F23F0H	-

Related Weaknesses (CWE)

CWE-640

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-01PatchVendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-01PatchVendor Advisory

FAQ

What is CVE-2021-22731?

CVE-2021-22731 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior which could cause an unauthorized password change through HTT...

How severe is CVE-2021-22731?

CVE-2021-22731 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-22731?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Mcsesp083F23G0 Firmware, Schneider-Electric Mcsesp083F23G0, Schneider-Electric Mcsesp083F23G0T Firmware, Schneider-Electric Mcsesp083F23G0T, Schneider-Electric Mcsesm043F23F0 Firmware.