CVE-2021-22781
MEDIUMEcoStruxure - Info Disclosure
Title source: llmDescription
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file.
Scores
CVSS v3
5.5
EPSS
0.0005
EPSS Percentile
16.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Classification
CWE
CWE-522
Status
published
Affected Products (4)
schneider-electric/ecostruxure_control_expert
< 15.0
schneider-electric/ecostruxure_control_expert
schneider-electric/ecostruxure_process_expert
schneider-electric/remoteconnect
Timeline
Published
Jul 14, 2021
Tracked Since
Feb 18, 2026