CVE-2021-22827

8.8 HIGH

📋 TL;DR

This vulnerability allows remote code execution through improper input validation in Schneider Electric's EcoStruxure Power Monitoring Expert software. Attackers can execute arbitrary code by tricking users into visiting a malicious webpage containing injected payloads. Organizations using version 9.0 or earlier of this industrial power monitoring software are affected.

💻 Affected Systems

Products:
  • EcoStruxure Power Monitoring Expert
Versions: 9.0 and all prior versions
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of the specified versions regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Power Monitoring Expert system leading to industrial control system disruption, data theft, or lateral movement into operational technology networks.

🟠 Likely Case

Attacker gains control of the monitoring system to manipulate power data, disrupt monitoring capabilities, or use it as a foothold for further attacks.

🟢 If Mitigated

Limited impact with proper network segmentation and user awareness preventing malicious page access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (visiting malicious page) but no authentication to the target system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 9.1 or later

Vendor Advisory: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03

Restart Required: Yes

Instructions:

1. Download the update from Schneider Electric's website.
2. Back up the current configuration.
3. Install the update following vendor instructions.
4. Restart the system.
5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation (all)

Isolate Power Monitoring Expert systems from untrusted networks and user workstations.

User Awareness (all)

Train users not to visit untrusted websites while using the monitoring system.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the system from internet and user workstations
  • Deploy web application firewall rules to block malicious payload patterns

🔍 How to Verify

Check if Vulnerable:

Check the software version in the Help > About menu. If the version is 9.0 or earlier, the system is vulnerable.

Check Version:

Check via GUI: Help > About in Power Monitoring Expert application

Verify Fix Applied:

Verify version is 9.1 or later in Help > About menu and test monitoring functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution from web browser context
  • Unexpected network connections from monitoring system

Network Indicators:

  • HTTP requests containing suspicious payload patterns to monitoring system

SIEM Query:

source="PowerMonitoringExpert" AND (process="cmd.exe" OR process="powershell.exe")
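The SIEM query above only keys on the process name; the log indicator "unusual process execution from web browser context" needs the parent process as well. The following script is an added example, not part of the original page and not Schneider Electric tooling: it runs both checks over a few constructed process-creation events. The key=value line format and the host and path values are constructed for the example; the field names Image, ParentImage and CommandLine mirror the ones Sysmon uses for process-creation events, and the browser and shell name sets are assumptions that a real deployment would tune.

```python
import re
from typing import Dict, List

# Browser processes that should never spawn a shell on a monitoring host (assumed list)
BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe", "iexplore.exe"}
# Interpreters named in the page's SIEM query
SHELLS = {"cmd.exe", "powershell.exe"}

# Constructed sample events (not real telemetry). Values with spaces are quoted.
SAMPLE_LOG = r'''
source=PowerMonitoringExpert host=PME-SRV01 Image=C:\Windows\System32\cmd.exe ParentImage="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" CommandLine="cmd.exe /c ver"
source=PowerMonitoringExpert host=PME-SRV01 Image=C:\Windows\System32\notepad.exe ParentImage=C:\Windows\explorer.exe CommandLine="notepad.exe"
source=PowerMonitoringExpert host=PME-SRV01 Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe ParentImage=C:\Windows\System32\svchost.exe CommandLine="powershell.exe -File C:\scripts\backup.ps1"
source=Workstation host=WS-42 Image=C:\Windows\System32\cmd.exe ParentImage="C:\Program Files\Google\Chrome\Application\chrome.exe" CommandLine="cmd.exe"
'''


def parse_line(line: str) -> Dict[str, str]:
    """Parse one key=value event line; a quoted value may contain spaces."""
    fields: Dict[str, str] = {}
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', line):
        fields[key] = value.strip('"')
    return fields


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def matches_siem_query(event: Dict[str, str]) -> bool:
    """Same logic as the page's query: PME source AND process is cmd.exe or powershell.exe."""
    return (event.get("source") == "PowerMonitoringExpert"
            and basename(event.get("Image", "")) in SHELLS)


def browser_spawned_shell(event: Dict[str, str]) -> bool:
    """The 'web browser context' indicator: a shell whose parent is a browser."""
    return (basename(event.get("Image", "")) in SHELLS
            and basename(event.get("ParentImage", "")) in BROWSERS)


def triage(log_text: str) -> List[dict]:
    """Run both checks over every event and return the flagged ones with reasons."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        reasons = []
        if matches_siem_query(event):
            reasons.append("shell on PME host (SIEM query)")
        if browser_spawned_shell(event):
            reasons.append("browser spawned shell")
        if reasons:
            findings.append({
                "host": event.get("host"),
                "image": basename(event.get("Image", "")),
                "parent": basename(event.get("ParentImage", "")),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the sample, the query alone also flags the scheduled PowerShell backup spawned by svchost.exe, so it will be noisy on a host where administrators use PowerShell; pairing it with the parent-process check gives the higher-confidence alert, and the browser-parent check catches the same pattern on hosts outside the PowerMonitoringExpert source.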
