CVE-2021-22778

Severity Score: 7.1 (CVSS v3.1)

Public Exploits: 0 (Multiple Sources)

Exploited in Wild: - (KEV)

Decision: - (SSVC)

Descriptions

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: None

  • Attack Vector: Local
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-01-06 CVE Reserved
  • 2021-07-14 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-522: Insufficiently Protected Credentials
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
| --- | --- | --- | --- | --- |
| Schneider-electric | Ecostruxure Control Expert | < 15.0 | - | Affected |
| Schneider-electric | Ecostruxure Control Expert | 15.0 | - | Affected |
| Schneider-electric | Ecostruxure Process Expert | * | - | Affected |
| Schneider-electric | Remoteconnect | * | scadapack_x70 | Affected |