PT-2021-7277 · Schneider Electric · SCADAPack RemoteConnect for x70 +3

Published 2021-07-13 · Updated 2021-07-26 · CVE-2021-22780

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

EcoStruxure Control Expert versions prior to V15.0 SP1
EcoStruxure Process Expert (all versions)
SCADAPack RemoteConnect for x70 (all versions)
Unity Pro (all versions)

Description

The issue is related to insufficient protection of credentials, which could allow unauthorized access to a project file protected by a password when shared with untrusted sources. An attacker may bypass the password protection, enabling them to view and modify the project file. This could potentially lead to unauthorized device access.

Recommendations

For EcoStruxure Control Expert versions prior to V15.0 SP1, update to V15.0 SP1 or later to resolve the issue.
For EcoStruxure Process Expert, consider restricting access to project files and limiting sharing with untrusted sources until a fix is available.
For SCADAPack RemoteConnect for x70, restrict access to project files and avoid sharing them with untrusted sources until a fix is provided.
For Unity Pro, limit access to project files and refrain from sharing them with untrusted sources until a resolution is available.

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

BDU:2022-05011
CVE-2021-22780

Affected Products

EcoStruxure Control Expert
EcoStruxure Process Expert
SCADAPack RemoteConnect for x70
Unity Pro