Details of VAR-202107-0331

ID

VAR-202107-0331

CVE

CVE-2021-22781

TITLE

plural Schneider Electric Inadequate protection of credentials in products

Trust: 0.8

sources: JVNDB: JVNDB-2021-009771

DESCRIPTION

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file. EcoStruxure Control Expert , EcoStruxure Process Expert , SCADAPack RemoteConnect Exists in an inadequate protection of credentials.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2021-22781 // JVNDB: JVNDB-2021-009771 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-22781

AFFECTED PRODUCTS

vendor:	schneider electric	model:	remoteconnect	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure control expert	scope:	lt	version:	15.0	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure process expert	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure control expert	scope:	eq	version:	15.0	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure control expert	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	ecostruxure process expert	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	remoteconnect	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-009771 // NVD: CVE-2021-22781

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-22781
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202107-1022
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-22781
value:	LOW
Trust: 0.1

NVD:	CVE-2021-22781
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.9

NVD:	CVE-2021-22781
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22781
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-22781 // JVNDB: JVNDB-2021-009771 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1022 // NVD: CVE-2021-22781

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	Inadequate protection of credentials (CWE-522) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-009771 // NVD: CVE-2021-22781

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1022

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1022

CONFIGURATIONS

sources: NVD: CVE-2021-22781

PATCH

title:

SEVD-2021-194-01

url:

https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-01

Trust: 0.8

sources: JVNDB: JVNDB-2021-009771

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22781	Trust: 3.3
db:	SCHNEIDER	id:	SEVD-2021-194-01	Trust: 1.7
db:	JVN	id:	JVNVU97215148	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-009771	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021071414	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2406	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-1022	Trust: 0.6
db:	VULMON	id:	CVE-2021-22781	Trust: 0.1

sources: VULMON: CVE-2021-22781 // JVNDB: JVNDB-2021-009771 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1022 // NVD: CVE-2021-22781

REFERENCES

url:	http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-01	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu97215148/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22781	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071414	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2406	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/522.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-22781 // JVNDB: JVNDB-2021-009771 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1022 // NVD: CVE-2021-22781

SOURCES

db:	VULMON	id:	CVE-2021-22781
db:	JVNDB	id:	JVNDB-2021-009771
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202107-1022
db:	NVD	id:	CVE-2021-22781

LAST UPDATE DATE

2022-05-21T19:39:01.814000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-22781	date:	2021-07-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-009771	date:	2022-05-19T08:42:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202107-1022	date:	2021-08-12T00:00:00
db:	NVD	id:	CVE-2021-22781	date:	2021-07-26T13:48:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-22781	date:	2021-07-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-009771	date:	2022-05-19T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202107-1022	date:	2021-07-14T00:00:00
db:	NVD	id:	CVE-2021-22781	date:	2021-07-14T15:15:00