PT-2021-7839 · Schneider Electric · Scadapack Remoteconnect For X70+2
Published
2021-07-13
·
Updated
2021-07-26
·
CVE-2021-22782
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
EcoStruxure Control Expert versions prior to V15.0 SP1
EcoStruxure Process Expert versions prior to V15.0 SP1
SCADAPack RemoteConnect for x70 versions prior to V15.0 SP1
Description
The issue is related to insufficient protection of registration data, which could allow an attacker to gain unauthorized access to the device. This may cause an information leak, potentially disclosing network and process information, credentials, or intellectual property when an attacker accesses a project file.
Recommendations
For EcoStruxure Control Expert versions prior to V15.0 SP1, update to version V15.0 SP1 or later to resolve the issue.
For EcoStruxure Process Expert versions prior to V15.0 SP1, update to version V15.0 SP1 or later to resolve the issue.
For SCADAPack RemoteConnect for x70 versions prior to V15.0 SP1, update to version V15.0 SP1 or later to resolve the issue.
Fix
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ecostruxure Control Expert
Ecostruxure Process Expert
Scadapack Remoteconnect For X70