Password Hash Insufficient Computational Effort in ClearSCADA and EcoStruxure Geo SCADA
CVE-2021-22741

6.7MEDIUM

Key Information:

Vendor

Schneider Electric
Status
Clearscada (all Versions), Ecostruxure Geo Scada Expert 2019 (all Versions), And Ecostruxure Geo Scada Expert 2020 (v83.7742.1 And Prior)
Vendor
CVE Published:
26 May 2021

What is CVE-2021-22741?

A vulnerability exists in ClearSCADA and EcoStruxure Geo SCADA Expert products due to the use of password hashes with insufficient computational effort. This flaw can allow attackers to uncover account credentials if they gain access to server database files. Consequently, systems become susceptible to password decryption attacks, making this issue critical for users to address promptly. It is important to note that '.sde' configuration export files do not store user account password hashes.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ClearSCADA (all ), EcoStruxure Geo SCADA Expert 2019 (all ), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior) ClearSCADA,EcoStruxure Geo SCADA Expert 2019 and EcoStruxure Geo SCADA Expert 2020(see security notification for affected versions)

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...
x_refsource_MISC

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.