CVE-2021-22807

Name of the Vulnerable Software and Affected Versions Eurotherm by Schneider Electric GUIcon version 2.0 (Build 683.003) and prior

Description A CWE-787: Out-of-bounds Write issue exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. This issue is related to the processing of *.gd1 configuration files, which can allow an attacker to execute arbitrary code.

Recommendations For Eurotherm by Schneider Electric GUIcon version 2.0 (Build 683.003) and prior, consider avoiding the use of malicious *.gd1 configuration files until a patch is available. As a temporary workaround, restrict the loading of *.gd1 files into the GUIcon tool to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.