Insufficiently protected credentials in Schneider Electric products - CVE-2021-22781
Published: July 14, 2021
Vulnerability identifier: #VU54865
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-22781
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Schneider Electric
Affected software:
EcoStruxure Process Expert
SCADAPack RemoteConnect for x70
SCADAPack 470
SCADAPack 474
SCADAPack 570
SCADAPack 574
SCADAPack 575 RTUs
EcoStruxure Control Expert
EcoStruxure Process Expert
SCADAPack RemoteConnect for x70
SCADAPack 470
SCADAPack 474
SCADAPack 570
SCADAPack 574
SCADAPack 575 RTUs
EcoStruxure Control Expert
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficiently protected credentials. A remote attacker can access a project file and cause a leak of SMTP credentials.
How to mitigate CVE-2021-22781
Install updates from vendor's website.