The Schneider Electric C-Gate running on the remote host is affected by multiple vulnerabilities :

  - A path traversal vulnerability exists within the processing of     commands sent to the C-Gate server. The issue results from the     lack of proper validation of a user-supplied path prior to using     it in file operations. An authenticated, remote attacker can     leverage this vulnerability to execute code in the context of     SYSTEM. (CVE-2021-22717)

  - A path traversal vulnerability exists within the processing of     commands sent to the C-Gate server. The issue results from the     lack of proper validation of user-supplied data, which can allow     the upload of arbitrary files. An authenticated, remote attacker     can leverage this vulnerability to execute code in the context of     SYSTEM. (CVE-2021-22719)

  - A path traversal vulnerability exists within the processing of     commands sent to the C-Gate server. The issue results from the     lack of proper validation of a user-supplied path prior to using     it in file operations. An authenticated, remote attacker can     leverage this vulnerability to disclose information in the     context of SYSTEM. (CVE-2021-22720)

Note that Nessus has not tested for the issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

Schneider Electric C-Gate < 2.11.6 Multiple Vulnerabilities

high Nessus Plugin ID 149971

Version 1.87