Remote Code Execution Vulnerability in EcoStruxure Power Build - Rapsody Software

Remote Code Execution Vulnerability in EcoStruxure Power Build - Rapsody Software

CVE-2021-22697 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.

Learn more about our Web Application Penetration Testing UK.