{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T15:59:57.690","vulnerabilities":[{"cve":{"id":"CVE-2021-22803","sourceIdentifier":"cybersecurity@se.com","published":"2022-02-11T18:15:09.353","lastModified":"2024-11-21T05:50:42.090","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)"},{"lang":"es","value":"Una CWE-434: Se presenta una vulnerabilidad de Carga no Restringida de Archivos con Tipo Peligroso que podría conllevar a una ejecución de código remota mediante una serie de rutas, cuando un atacante, escribe archivos arbitrarios en carpetas en el contexto del módulo DC, mediante el envío de mensajes construidos en la red. Producto afectado: Interactive Graphical SCADA System Data Collector (dc.exe) (versiones V15.0.0.21243 y anteriores)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:interactive_graphical_scada_system_data_collector:*:*:*:*:*:*:*:*","versionEndIncluding":"15.0.0.21243","matchCriteriaId":"43B54FDD-0C25-407A-837F-10F321D3F8A1"}]}]}],"references":[{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03","source":"cybersecurity@se.com","tags":["Patch","Vendor Advisory"]},{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}