CVE-2021-22797

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)

CVSS v3 7.8 HIGH
CVSS v2.0 9.3 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.se.com/ww/en/download/document/SEVD-2021-257-01/	Mitigation Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:schneider-electric:ecostruxure_control_expert::::::::
	cpe:2.3:a:schneider-electric:ecostruxure_process_expert::::::::

Configuration 2 (hide)

AND

cpe:2.3:a:schneider-electric:remoteconnect:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:scadapack_470:-:::::::*
	cpe:2.3:h:schneider-electric:scadapack_474:-:::::::*
	cpe:2.3:h:schneider-electric:scadapack_570:-:::::::*
	cpe:2.3:h:schneider-electric:scadapack_574:-:::::::*
	cpe:2.3:h:schneider-electric:scadapack_575:-:::::::*

History

No history.

Information

Published : 2022-04-13 16:15

Updated : 2022-04-23 02:12

NVD link : CVE-2021-22797

Mitre link : CVE-2021-22797

CVE.ORG link : CVE-2021-22797

JSON object : View

Products Affected

schneider-electric

ecostruxure_process_expert
scadapack_470
scadapack_574
scadapack_570
scadapack_575
ecostruxure_control_expert
remoteconnect
scadapack_474

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2021-22797", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-04-13T16:15:09.370", "references": [{"url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-01/", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "cybersecurity@se.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)"}, {"lang": "es", "value": "Una CWE-22: Se presenta una vulnerabilidad de Limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\" Salto de Ruta\") que podr\u00eda causar la implementaci\u00f3n de scripts maliciosos en una ubicaci\u00f3n no autorizada y puede resultar en una ejecuci\u00f3n de c\u00f3digo en la estaci\u00f3n de trabajo de ingenier\u00eda cuando es cargado un archivo de proyecto malicioso en el software de ingenier\u00eda. Producto afectado: EcoStruxure Control Expert (versiones V15.0 SP1 y anteriores, incluido el antiguo Unity Pro), EcoStruxure Process Expert (versiones 2020 y anteriores, incluido el antiguo HDCS), SCADAPack RemoteConnect para x70 (Todas las versiones)"}], "lastModified": "2022-04-23T02:12:28.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DCC0C29-32C2-4463-B98F-AB4B56FF5314", "versionEndExcluding": "15.1"}, {"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAB4A9EC-96A2-424D-A858-162E662EBEFB", "versionEndExcluding": "2021"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:remoteconnect:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FFDF36B-30A5-4B35-956C-60DC15CE7EE4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:scadapack_470:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F51A7887-4F1A-428C-9E68-260E7262A678"}, {"criteria": "cpe:2.3:h:schneider-electric:scadapack_474:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "58BACC54-6609-4DCE-AEEC-A9C2396635A0"}, {"criteria": "cpe:2.3:h:schneider-electric:scadapack_570:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FFDF44F3-2514-4CB0-A1A4-87123225B0F1"}, {"criteria": "cpe:2.3:h:schneider-electric:scadapack_574:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4F5CDC99-C4C8-43FE-8EA7-65C7EDFD9BA3"}, {"criteria": "cpe:2.3:h:schneider-electric:scadapack_575:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE4172DF-94E3-4AEE-8D6B-9F48DC453B9E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@se.com"}