PT-2021-7777 · Schneider Electric · Scadapack Remoteconnect For X70 +2

Published: 2021-07-13 · Updated: 2021-07-26 · CVE-2021-22781

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

EcoStruxure Control Expert versions prior to V15.0 SP1
EcoStruxure Process Expert (all versions)
SCADAPack RemoteConnect for x70 (all versions)

Description

The issue is an insufficiently protected credentials weakness: SMTP credentials used for mailbox authentication could leak when an attacker gains access to a project file. This could allow an attacker to obtain unauthorized access to the credentials.

Recommendations

For EcoStruxure Control Expert versions prior to V15.0 SP1, update to V15.0 SP1 or later to resolve the issue.
For EcoStruxure Process Expert, restrict access to project files to minimize the risk of exploitation until a fix is available.
For SCADAPack RemoteConnect for x70, avoid using the affected software for mailbox authentication until the issue is resolved.

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

BDU:2023-02717
CVE-2021-22781

Affected Products

Ecostruxure Control Expert
Ecostruxure Process Expert
Scadapack Remoteconnect For X70