CVE-2021-22780
HIGHEcoStruxure Control Expert < 15.0 SP1, EcoStruxure Process Expert, RemoteConnect - Insufficiently Protected Credentials
Title source: llmDescription
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. An attacker may bypass the password protection and be able to view and modify a project file.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01
Scores
CVSS v3
7.1
EPSS
0.0005
EPSS Percentile
16.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-522
Status
published
Products (4)
schneider-electric/ecostruxure_control_expert
15.0
schneider-electric/ecostruxure_control_expert
< 15.0
schneider-electric/ecostruxure_process_expert
schneider-electric/remoteconnect
Published
Jul 14, 2021
Tracked Since
Feb 18, 2026