Schneider Electric C-Bus Toolkit

CVSS 8.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities may allow remote code execution.

CVE-2021-22716 CVE-2021-22717 CVE-2021-22718 CVE-2021-22719 CVE-2021-22720

Schneider Electric recommends users update to the latest version available. A reboot will be needed after the update.
If users choose not to apply the remediation provided above they should immediately apply the following mitigations to reduce the risk of exploit: Use an allow list for this application. Turn on the workstation’s firewall. Use an antivirus program. Secure the workstation from unauthorized personnel.
Please see Schneider Electric’s publication SEVD-2021-103-01 for more information.

Schneider Electric Software, LLC

Schneider Electric Software, LLC · C-Bus Toolkit <= 1.15.7

Commercial Facilities

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.