ID

VAR-202109-1974


CVE

CVE-2021-22797


TITLE

Schneider Electric Made EcoStruxure and SCADAPack Directory traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-002515

DESCRIPTION

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STU and STA files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user.

Trust: 2.34

sources: NVD: CVE-2021-22797 // JVNDB: JVNDB-2021-002515 // ZDI: ZDI-21-1102 // VULMON: CVE-2021-22797

AFFECTED PRODUCTS

vendor: schneider electric, model: ecostruxure control expert, scope: lt, version: 15.1

Trust: 1.0

vendor: schneider electric, model: ecostruxure process expert, scope: lt, version: 2021

Trust: 1.0

vendor: schneider electric, model: remoteconnect, scope: eq, version: -

Trust: 1.0

vendor: schneider electric, model: ecostruxure process expert, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: ecostruxure control expert, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: scadapack remoteconnect for x70, scope: eq, version: all s

Trust: 0.8

vendor: schneider electric, model: ecostruxure control expert classic, scope: -, version: -

Trust: 0.7

sources: ZDI: ZDI-21-1102 // JVNDB: JVNDB-2021-002515 // NVD: CVE-2021-22797

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-22797
value: HIGH

Trust: 1.0

OTHER: JVNDB-2021-002515
value: HIGH

Trust: 0.8

ZDI: CVE-2021-22797
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202109-1469
value: HIGH

Trust: 0.6

NVD: CVE-2021-22797
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2021-22797
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2021-002515
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2021-22797
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-1102 // JVNDB: JVNDB-2021-002515 // CNNVD: CNNVD-202109-1469 // NVD: CVE-2021-22797

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:Path traversal (CWE-22) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-002515 // NVD: CVE-2021-22797

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202109-1469

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202109-1469

CONFIGURATIONS

sources: NVD: CVE-2021-22797

PATCH

title: EcoStruxure™ Control Expert, EcoStruxure™ Process Expert, SCADAPack RemoteConnect™ for x70
url: https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-257-01

Trust: 0.8

title: Schneider Electric has issued an update to correct this vulnerability.
url: https://us-cert.cisa.gov/ics/advisories/icsa-21-259-02

Trust: 0.7

title: Schneider Electric EcoStruxure Control Expert Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=163280

Trust: 0.6

sources: ZDI: ZDI-21-1102 // JVNDB: JVNDB-2021-002515 // CNNVD: CNNVD-202109-1469

EXTERNAL IDS

db: NVD, id: CVE-2021-22797

Trust: 3.2

db: SCHNEIDER, id: SEVD-2021-257-01

Trust: 1.6

db: ZDI, id: ZDI-21-1102

Trust: 1.4

db: JVN, id: JVNVU98742301

Trust: 0.8

db: ICS CERT, id: ICSA-21-259-02

Trust: 0.8

db: JVNDB, id: JVNDB-2021-002515

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-13461

Trust: 0.7

db: CNNVD, id: CNNVD-202109-1469

Trust: 0.6

db: VULMON, id: CVE-2021-22797

Trust: 0.1

sources: ZDI: ZDI-21-1102 // VULMON: CVE-2021-22797 // JVNDB: JVNDB-2021-002515 // CNNVD: CNNVD-202109-1469 // NVD: CVE-2021-22797

REFERENCES

url:https://www.se.com/ww/en/download/document/sevd-2021-257-01/

Trust: 1.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-259-02

Trust: 1.5

url:http://jvn.jp/vu/jvnvu98742301/index.html

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-1102/

Trust: 0.7

url:https://cxsecurity.com/cveshow/cve-2021-22797/

Trust: 0.6

sources: ZDI: ZDI-21-1102 // VULMON: CVE-2021-22797 // JVNDB: JVNDB-2021-002515 // CNNVD: CNNVD-202109-1469 // NVD: CVE-2021-22797

CREDITS

kimiya

Trust: 0.7

sources: ZDI: ZDI-21-1102

SOURCES

db: ZDI, id: ZDI-21-1102
db: VULMON, id: CVE-2021-22797
db: JVNDB, id: JVNDB-2021-002515
db: CNNVD, id: CNNVD-202109-1469
db: NVD, id: CVE-2021-22797

LAST UPDATE DATE

2022-05-04T08:16:26.089000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-21-1102, date: 2021-09-20T00:00:00
db: JVNDB, id: JVNDB-2021-002515, date: 2021-09-22T06:36:00
db: CNNVD, id: CNNVD-202109-1469, date: 2022-04-24T00:00:00
db: NVD, id: CVE-2021-22797, date: 2022-04-23T02:12:00

SOURCES RELEASE DATE

db: ZDI, id: ZDI-21-1102, date: 2021-09-20T00:00:00
db: JVNDB, id: JVNDB-2021-002515, date: 2021-09-22T00:00:00
db: CNNVD, id: CNNVD-202109-1469, date: 2021-09-20T00:00:00
db: NVD, id: CVE-2021-22797, date: 2022-04-13T16:15:00