Multiple vulnerabilities in Schneider Electric SCADApack RTU, Modicon Controllers and Software



Published: 2021-07-14 | Updated: 2022-06-02
Risk: High
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2021-22778, CVE-2021-22780, CVE-2021-22781, CVE-2021-22782
CWE-ID: CWE-522, CWE-311
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
EcoStruxure Process Expert
Server applications / SCADA systems

SCADAPack RemoteConnect for x70
Server applications / SCADA systems

SCADAPack 470
Server applications / SCADA systems

SCADAPack 474
Server applications / SCADA systems

SCADAPack 570
Server applications / SCADA systems

SCADAPack 574
Server applications / SCADA systems

SCADAPack 575 RTUs
Server applications / SCADA systems

EcoStruxure Control Expert
Server applications / SCADA systems

Vendor: Schneider Electric

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Insufficiently protected credentials

EUVDB-ID: #VU54862

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22778

CWE-ID: CWE-522 - Insufficiently Protected Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficiently protected credentials. A remote attacker can use a specially crafted project file to read protected derived function blocks.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

EcoStruxure Process Expert: All versions

SCADAPack RemoteConnect for x70: All versions

SCADAPack 470: All versions

SCADAPack 474: All versions

SCADAPack 570: All versions

SCADAPack 574: All versions

SCADAPack 575 RTUs: All versions

EcoStruxure Control Expert: before 15.0 SP1

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-194-02
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Insufficiently protected credentials

EUVDB-ID: #VU54864

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22780

CWE-ID: CWE-522 - Insufficiently Protected Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficiently protected credentials. When a password-protected project file is shared with untrusted sources, a remote authenticated attacker can gain unauthorized access to it and view and modify the project file.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

EcoStruxure Process Expert: All versions

SCADAPack RemoteConnect for x70: All versions

SCADAPack 470: All versions

SCADAPack 474: All versions

SCADAPack 570: All versions

SCADAPack 574: All versions

SCADAPack 575 RTUs: All versions

EcoStruxure Control Expert: before 15.0 SP1

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-194-02
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Insufficiently protected credentials

EUVDB-ID: #VU54865

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22781

CWE-ID: CWE-522 - Insufficiently Protected Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficiently protected credentials. A remote attacker can access a project file and cause a leak of SMTP credentials.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

EcoStruxure Process Expert: All versions

SCADAPack RemoteConnect for x70: All versions

SCADAPack 470: All versions

SCADAPack 474: All versions

SCADAPack 570: All versions

SCADAPack 574: All versions

SCADAPack 575 RTUs: All versions

EcoStruxure Control Expert: before 15.0 SP1

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-194-02
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Missing Encryption of Sensitive Data

EUVDB-ID: #VU54866

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22782

CWE-ID: CWE-311 - Missing Encryption of Sensitive Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because sensitive data is not encrypted. A remote attacker can access a project file and cause an information leak, disclosing network and process information, credentials, or intellectual property.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

EcoStruxure Process Expert: All versions

SCADAPack RemoteConnect for x70: All versions

SCADAPack 470: All versions

SCADAPack 474: All versions

SCADAPack 570: All versions

SCADAPack 574: All versions

SCADAPack 575 RTUs: All versions

EcoStruxure Control Expert: before 15.0 SP1

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-194-02
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01
http://ics-cert.kaspersky.com/advisories/2022/05/20/klcert-21-007-schneider-electric-ecostruxure-control-expert-process-expert-scadapack-remoteconnect-for-x70-information-leak-from-project-file/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


