Out-of-Bounds Read Vulnerability in Eurotherm by Schneider Electric GUIcon Tool
CVE-2021-22809

5.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Guicon
Vendor: CVE Published:; 28 January 2022

Summary

An Out-of-Bounds Read vulnerability in the Eurotherm by Schneider Electric GUIcon tool allows a malicious actor to cause unintended data disclosure. This vulnerability arises when an improperly handled *.gd1 configuration file is loaded, potentially exposing sensitive information. The risk is present in GUIcon Version 2.0 (Build 683.003) and earlier versions, highlighting the importance of prompt updates and vigilant configuration management to mitigate such threats.

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 28, 2022
Vulnerability Reserved
Jan 6, 2021