Sign-up

ID

VAR-202107-0332


CVE

CVE-2021-22782


TITLE

plural  Schneider Electric  Vulnerability in lack of encryption of critical data in products

Trust: 0.8

sources: JVNDB: JVNDB-2021-009770

DESCRIPTION

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file. EcoStruxure Control Expert , EcoStruxure Process Expert , SCADAPack RemoteConnect There is a vulnerability in the lack of encryption of critical data.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2021-22782 // JVNDB: JVNDB-2021-009770 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-22782

AFFECTED PRODUCTS

vendor:schneider electricmodel:remoteconnectscope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:ecostruxure control expertscope:ltversion:15.0

Trust: 1.0

vendor:schneider electricmodel:ecostruxure process expertscope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:ecostruxure control expertscope:eqversion:15.0

Trust: 1.0

vendor:schneider electricmodel:ecostruxure control expertscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:ecostruxure process expertscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:remoteconnectscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-009770 // NVD: CVE-2021-22782

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-22782
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-1021
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-22782
value: LOW

Trust: 0.1

NVD: CVE-2021-22782
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.9

NVD: CVE-2021-22782
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-22782
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-22782 // JVNDB: JVNDB-2021-009770 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1021 // NVD: CVE-2021-22782

PROBLEMTYPE DATA

problemtype:CWE-311

Trust: 1.0

problemtype:Lack of encryption of critical data (CWE-311) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-009770 // NVD: CVE-2021-22782

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1021

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1021

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-22782

PATCH
title:SEVD-2021-194-01url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-01
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2021-009770

EXTERNAL IDS
db:NVDid:CVE-2021-22782
Trust: 3.3
db:SCHNEIDERid:SEVD-2021-194-01
Trust: 1.7
db:JVNid:JVNVU97215148
Trust: 0.8
db:JVNDBid:JVNDB-2021-009770
Trust: 0.8
db:CS-HELPid:SB2021041363
Trust: 0.6
db:CNNVDid:CNNVD-202104-975
Trust: 0.6
db:CS-HELPid:SB2021071414
Trust: 0.6
db:AUSCERTid:ESB-2021.2406
Trust: 0.6
db:CNNVDid:CNNVD-202107-1021
Trust: 0.6
db:VULMONid:CVE-2021-22782
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-22782 // 
            
            
            
            JVNDB: JVNDB-2021-009770 // 
            
            
            
            CNNVD: CNNVD-202104-975 // 
            
            
            
            CNNVD: CNNVD-202107-1021 // 
            
            
            
            NVD: CVE-2021-22782

REFERENCES
url:http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-194-01
Trust: 1.7
url:https://jvn.jp/vu/jvnvu97215148/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2021-22782
Trust: 0.8
url:https://www.cybersecurity-help.cz/vdb/sb2021041363
Trust: 0.6
url:https://www.cybersecurity-help.cz/vdb/sb2021071414
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2021.2406
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/311.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-22782 // 
            
            
            
            JVNDB: JVNDB-2021-009770 // 
            
            
            
            CNNVD: CNNVD-202104-975 // 
            
            
            
            CNNVD: CNNVD-202107-1021 // 
            
            
            
            NVD: CVE-2021-22782

SOURCES
db:VULMONid:CVE-2021-22782
db:JVNDBid:JVNDB-2021-009770
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202107-1021
db:NVDid:CVE-2021-22782

LAST UPDATE DATE
2022-05-21T20:11:57.019000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2021-22782date:2021-07-26T00:00:00
db:JVNDBid:JVNDB-2021-009770date:2022-05-19T08:37:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202107-1021date:2021-08-12T00:00:00
db:NVDid:CVE-2021-22782date:2021-07-26T13:41:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2021-22782date:2021-07-14T00:00:00
db:JVNDBid:JVNDB-2021-009770date:2022-05-19T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202107-1021date:2021-07-14T00:00:00
db:NVDid:CVE-2021-22782date:2021-07-14T15:15:00