CVE-2021-22778
HIGHEcoStruxure Control Expert < 15.0 SP1, EcoStruxure Process Expert, SCADAPack RemoteConnect - Credential Exposure
Title source: llmDescription
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01
Scores
CVSS v3
7.1
EPSS
0.0004
EPSS Percentile
13.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-522
Status
published
Products (4)
schneider-electric/ecostruxure_control_expert
15.0
schneider-electric/ecostruxure_control_expert
< 15.0
schneider-electric/ecostruxure_process_expert
schneider-electric/remoteconnect
Published
Jul 14, 2021
Tracked Since
Feb 18, 2026