#VU54863 Authentication Bypass by Spoofing in Schneider Electric products - CVE-2021-22779

Cybersecurity Help s.r.o.

Published: 2021-07-14 | Updated: 2022-06-02

Vulnerability identifier: #VU54863

Vulnerability risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2021-22779

CWE-ID: CWE-290

Exploitation vector: Network

Exploit availability: No

Vendor: Schneider Electric

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the authentication bypass by spoofing issue. A remote attacker can gain unauthorized access in read and write mode to the controller.

Mitigation
Install update from vendor's website.

Vulnerable software versions

EcoStruxure Process Expert: before V2021

SCADAPack RemoteConnect for x70: All versions

SCADAPack 470: All versions

SCADAPack 474: All versions

SCADAPack 570: All versions

SCADAPack 574: All versions

SCADAPack 575 RTUs: All versions

Modicon M580: All versions

Modicon M340: before 3.50

EcoStruxure Control Expert: 15.0 SP1

External links
https://ics-cert.us-cert.gov/advisories/icsa-21-194-02
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01
https://ics-cert.kaspersky.com/advisories/2022/05/20/klcert-20-061-klcert-20-068-schneider-electric-modicon-m340-m580-authentication-bypass-by-spoofing/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Schneider Electric SCADApack RTU, Modicon Controllers and Software