CVE-2021-22797 - OpenCVE

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Scadapack 470 Ecostruxure Control Expert Scadapack 570 Scadapack 474 Ecostruxure Process Expert Scadapack 574 Scadapack 575 Remoteconnect

Configuration 1 [-]

OR	cpe:2.3:a:schneider-electric:ecostruxure_control_expert::::::::
	cpe:2.3:a:schneider-electric:ecostruxure_process_expert::::::::

Configuration 2 [-]

AND

cpe:2.3:a:schneider-electric:remoteconnect:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:scadapack_470:-:::::::*
	cpe:2.3:h:schneider-electric:scadapack_474:-:::::::*
	cpe:2.3:h:schneider-electric:scadapack_570:-:::::::*
	cpe:2.3:h:schneider-electric:scadapack_574:-:::::::*
	cpe:2.3:h:schneider-electric:scadapack_575:-:::::::*

References

Link	Resource
https://www.se.com/ww/en/download/document/SEVD-2021-257-01/	Mitigation Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2022-03-28T16:25:24

Updated: 2022-04-13T15:45:24

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-22797

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-13T16:15:09.370

Modified: 2022-04-23T02:12:28.793

Link: CVE-2021-22797

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "EcoStruxure Control Expert", "vendor": "Schneider Electric", "versions": [{"lessThan": "V15.0 SP1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "EcoStruxure Process Expert", "vendor": "Schneider Electric", "versions": [{"lessThan": "2020", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "SCADAPack RemoteConnect for x70", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "All versions"}]}], "descriptions": [{"lang": "en", "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-13T15:45:24", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-01/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2021-22797", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "EcoStruxure Control Expert", "version": {"version_data": [{"version_affected": "<", "version_value": "V15.0 SP1"}]}}, {"product_name": "EcoStruxure Process Expert", "version": {"version_data": [{"version_affected": "<", "version_value": "2020"}]}}, {"product_name": "SCADAPack RemoteConnect for x70", "version": {"version_data": [{"version_value": "All versions"}]}}]}, "vendor_name": "Schneider Electric"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://www.se.com/ww/en/download/document/SEVD-2021-257-01/", "refsource": "MISC", "url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-01/"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2021-22797", "datePublished": "2022-03-28T16:25:24", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2022-04-13T15:45:24", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DCC0C29-32C2-4463-B98F-AB4B56FF5314", "versionEndExcluding": "15.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*", "matchCriteriaId": "FAB4A9EC-96A2-424D-A858-162E662EBEFB", "versionEndExcluding": "2021", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:remoteconnect:-:*:*:*:*:*:*:*", "matchCriteriaId": "3FFDF36B-30A5-4B35-956C-60DC15CE7EE4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:scadapack_470:-:*:*:*:*:*:*:*", "matchCriteriaId": "F51A7887-4F1A-428C-9E68-260E7262A678", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:scadapack_474:-:*:*:*:*:*:*:*", "matchCriteriaId": "58BACC54-6609-4DCE-AEEC-A9C2396635A0", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:scadapack_570:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFDF44F3-2514-4CB0-A1A4-87123225B0F1", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:scadapack_574:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F5CDC99-C4C8-43FE-8EA7-65C7EDFD9BA3", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:scadapack_575:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE4172DF-94E3-4AEE-8D6B-9F48DC453B9E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)"}, {"lang": "es", "value": "Una CWE-22: Se presenta una vulnerabilidad de Limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\" Salto de Ruta\") que podr\u00eda causar la implementaci\u00f3n de scripts maliciosos en una ubicaci\u00f3n no autorizada y puede resultar en una ejecuci\u00f3n de c\u00f3digo en la estaci\u00f3n de trabajo de ingenier\u00eda cuando es cargado un archivo de proyecto malicioso en el software de ingenier\u00eda. Producto afectado: EcoStruxure Control Expert (versiones V15.0 SP1 y anteriores, incluido el antiguo Unity Pro), EcoStruxure Process Expert (versiones 2020 y anteriores, incluido el antiguo HDCS), SCADAPack RemoteConnect para x70 (Todas las versiones)"}], "id": "CVE-2021-22797", "lastModified": "2022-04-23T02:12:28.793", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cybersecurity@se.com", "type": "Secondary"}]}, "published": "2022-04-13T16:15:09.370", "references": [{"source": "cybersecurity@se.com", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-01/"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cybersecurity@se.com", "type": "Primary"}]}