CVE-2021-22808

Name of the Vulnerable Software and Affected Versions Eurotherm by Schneider Electric GUIcon version 2.0 (Build 683.003) and prior

Description A Use After Free vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. This issue is related to the handling of memory after it has been freed, specifically when processing *.gd1 configuration files. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

Recommendations For Eurotherm by Schneider Electric GUIcon version 2.0 (Build 683.003) and prior, consider avoiding the use of *.gd1 configuration files until a patch is available. As a temporary workaround, restrict the loading of *.gd1 files into the GUIcon tool to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.