SB2021071415 - Multiple vulnerabilities in Schneider Electric SCADApack RTU, Modicon Controllers and Software
Published: July 14, 2021 Updated: June 2, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Authentication Bypass by Spoofing (CVE-ID: CVE-2021-22779)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the authentication bypass by spoofing issue. A remote attacker can gain unauthorized access in read and write mode to the controller.2) Deserialization of Untrusted Data (CVE-ID: CVE-2020-12525)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data. A remote authenticated attacker can use a specially crafted project file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
This vulnerability affects the following versions:
- fdtCONTAINER component
- Versions between 3.5.0 and 3.5.20304.x
- Versions between 3.6.0 and 3.6.20304.x
- Versions older than 3.5
- fdtCONTAINER application
- Versions between 4.5.0 and 4.5.20304.x
- Versions between 4.6.0 and 4.6.20304.x
- Versions older than 4.5
- dtmINSPECTOR Version 3 (Based on FDT 1.2.x)
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://us-cert.cisa.gov/ics/advisories/icsa-21-194-02
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01
- https://us-cert.cisa.gov/ics/advisories/icsa-21-194-02"
- https://us-cert.cisa.gov/ics/advisories/icsa-21-194-02</a></p><p>
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01</p><p><br></p>