PT-2021-15217 · Schneider Electric · EcoStruxure Process Expert and 2 more

Published: 2021-09-20 · Updated: 2022-04-23 · CVE-2021-22797

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
EcoStruxure Control Expert versions V15.0 SP1 and prior
EcoStruxure Process Expert versions 2020 and prior
SCADAPack RemoteConnect for x70, all versions

Description
A path traversal vulnerability exists that could cause malicious scripts to be deployed in unauthorized locations, potentially resulting in code execution on the engineering workstation when a malicious project file is loaded in the engineering software.

Recommendations
For EcoStruxure Control Expert versions V15.0 SP1 and prior, consider disabling the loading of project files from untrusted sources until a patch is available.
For EcoStruxure Process Expert versions 2020 and prior, restrict access to the engineering software to minimize the risk of exploitation.
For SCADAPack RemoteConnect for x70 (all versions), avoid using the software to load project files from untrusted sources until a fix is provided.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2021-22797
ZDI-21-1102

Affected Products

EcoStruxure Control Expert
EcoStruxure Process Expert
SCADAPack RemoteConnect for x70