Rewterz Threat Advisory – Multiple Adobe After Effect and Lightroom Vulnerabilities
December 17, 2021Rewterz Threat Advisory – ICS: Delta Electronics CNCSoft Vulnerability
December 17, 2021Rewterz Threat Advisory – Multiple Adobe After Effect and Lightroom Vulnerabilities
December 17, 2021Rewterz Threat Advisory – ICS: Delta Electronics CNCSoft Vulnerability
December 17, 2021Severity
High
Analysis Summary
CVE-2021-22825
The affected product is vulnerable to cross-site scripting, which could allow an attacker to access the system with elevated privileges and compromise the security token when a privileged account user clicks on a malicious URL.
Impact
- Cross-Site Scripting
Affected Vendors
- Schneider Electric
Affected Products
- AP7xxxx and AP8xxx with NMC2: v6.9.6 and prior
- AP7xxx and AP8xxx with NMC3: v1.1.0.3 and prior
- APDU9xxx with NMC3: v1.0.0.28 and prior
Remediation
Refer to CISA Advisory for the patch, upgrade, or suggested workaround information.