CVE-2021-22809

Name of the Vulnerable Software and Affected Versions Eurotherm by Schneider Electric GUIcon versions prior to 2.0 (Build 683.003)

Description The issue is related to errors in processing *.gd1 configuration files, which could allow an attacker to gain access to protected information or cause a denial of service. A CWE-125: Out-of-Bounds Read issue exists, potentially leading to unintended data disclosure when a malicious *.gd1 configuration file is loaded into the GUIcon tool.

Recommendations For versions prior to 2.0 (Build 683.003), consider disabling the loading of *.gd1 configuration files until a patch is available to prevent potential exploitation. Restrict access to the GUIcon tool to minimize the risk of unintended data disclosure. Avoid using malicious or unverified *.gd1 configuration files with the GUIcon tool.