{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T20:05:14.434","vulnerabilities":[{"cve":{"id":"CVE-2021-22698","sourceIdentifier":"cybersecurity@se.com","published":"2021-01-26T18:16:18.927","lastModified":"2024-11-21T05:50:29.123","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed."},{"lang":"es","value":"CWE-434: Se presenta una vulnerabilidad de Carga Sin Restricciones de Archivo con Tipo Peligroso en el software EcoStruxure Power Build - Rapsody (versiones V2.1.13 y anteriores) que podría permitir que ocurra un desbordamiento del búfer en la región stack de la memoria que podría resultar en una ejecución de código remota cuando un archivo SSD es cargado y analizado inapropiadamente"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_power_build_-_rapsody:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.13","matchCriteriaId":"E458DE1E-6488-4F4A-BD96-7E46DA716BC5"}]}]}],"references":[{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-012-01","source":"cybersecurity@se.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2021-012-02/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-187/","source":"cybersecurity@se.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-012-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2021-012-02/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-187/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}