CVE-2021-22778

🗓️ 14 Jul 2021 14:26:35Reported by schneiderType

Insufficiently Protected Credentials vulnerability in EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnec

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerabilities of the programming software for PLCs (programmable logic controllers), the configuration software SCADAPack RemoteConnect, and the automation system for technological processes EcoStruxure Process Expert allow a intruder to gain unauthorized access to project files.	28 Mar 202300:00	–	bdu_fstec
Circl	CVE-2021-22778	15 Jul 202111:07	–	circl
CNNVD	Schneider Electric EcoStruxure Control Expert 安全漏洞	14 Jul 202100:00	–	cnnvd
CVE	CVE-2021-22778	14 Jul 202114:26	–	cve
EUVD	EUVD-2021-9913	3 Oct 202520:07	–	euvd
ICS	Schneider Electric Modicon Controllers and Software (Update A)	13 Jul 202100:00	–	ics
NVD	CVE-2021-22778	14 Jul 202115:15	–	nvd
OSV	CVE-2021-22778	14 Jul 202115:15	–	osv
Prion	Design/Logic Flaw	14 Jul 202115:15	–	prion
RedhatCVE	CVE-2021-22778	22 May 202519:16	–	redhatcve

[
  {
    "product": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions"
      }
    ]
  }
]

Source	Link
download	www.download.schneider-electric.com/files

14 Jul 2021 14:26Current

6.9Medium risk

Vulners AI Score6.9

EPSS0.00045

CWE-522