CVE-2021-22799

LOW

Schneider Electric Software Update <2.5.1 - SSRF

Title source: llm

Description

A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1

References (1)

[Patch, Vendor Advisory] https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-02

Scores

CVSS v3 3.8

EPSS 0.0005

EPSS Percentile 16.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Details

CWE

CWE-331

Status published

Products (1)

schneider-electric/software_update 2.3.0 - 2.5.2

Published Jan 28, 2022

Tracked Since Feb 18, 2026