Missing Encryption of Sensitive Data Vulnerability in EcoStruxure Control Expert and Process Expert from Schneider Electric
CVE-2021-22782

5.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure Control Expert (all Versions Prior To V15.0 Sp1, Including All Versions Of Unity Pro), Ecostruxure Process Expert (all Versions, Including All Versions Of Ecostruxure Hybrid Dcs), And Scadapack Remoteconnect For X70, All Versions
Vendor: CVE Published:; 14 July 2021

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2021-22782?

A vulnerability in EcoStruxure Control Expert and EcoStruxure Process Expert allows unauthorized access to sensitive data, including network and process information, as well as credentials and intellectual property. This occurs due to missing encryption when an attacker gains access to project files, leading to potential data breaches and disclosure of confidential information.

Affected Version(s)

EcoStruxure Control Expert (all prior to V15.0 SP1, including all of Unity Pro), EcoStruxure Process Expert (all , including all of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions

References

http://download.schneider-electric.com/files?p_Doc_Ref=SE...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 14, 2021
Vulnerability Reserved
Jan 6, 2021