Out-of-Bounds Read Vulnerability in Eurotherm by Schneider Electric GUIcon Tool
CVE-2021-22809

5.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Guicon
Vendor: CVE Published:; 28 January 2022

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2021-22809?

An Out-of-Bounds Read vulnerability in the Eurotherm by Schneider Electric GUIcon tool allows a malicious actor to cause unintended data disclosure. This vulnerability arises when an improperly handled *.gd1 configuration file is loaded, potentially exposing sensitive information. The risk is present in GUIcon Version 2.0 (Build 683.003) and earlier versions, highlighting the importance of prompt updates and vigilant configuration management to mitigate such threats.

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 28, 2022
Vulnerability Reserved
Jan 6, 2021