PT-2021-7684 · Schneider Electric · Scadapack Remoteconnect For X70+2
Published
2021-07-13
·
Updated
2021-07-26
·
CVE-2021-22778
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
EcoStruxure Control Expert versions prior to V15.0 SP1
EcoStruxure Process Expert versions prior to V15.0 SP1
SCADAPack RemoteConnect for x70 versions prior to V15.0 SP1
Description
The issue is related to insufficient protection of registration data, which could allow an attacker to gain unauthorized access to project files. This could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file.
Recommendations
For EcoStruxure Control Expert versions prior to V15.0 SP1, update to version V15.0 SP1 or later to resolve the issue.
For EcoStruxure Process Expert versions prior to V15.0 SP1, update to version V15.0 SP1 or later to resolve the issue.
For SCADAPack RemoteConnect for x70 versions prior to V15.0 SP1, update to version V15.0 SP1 or later to resolve the issue.
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ecostruxure Control Expert
Ecostruxure Process Expert
Scadapack Remoteconnect For X70