Stack-Based Buffer Overflow in EcoStruxure Power Build - Rapsody Software Allows Remote Code Execution via Unrestricted File Upload

Stack-Based Buffer Overflow in EcoStruxure Power Build - Rapsody Software Allows Remote Code Execution via Unrestricted File Upload

CVE-2021-22698 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.

Learn more about our Web Application Penetration Testing UK.