CVE-2021-22782

MEDIUM

EcoStruxure - Info Disclosure

Title source: llm

Description

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file.

References (1)

[Vendor Advisory] http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 6.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-311

Status published

Products (4)

schneider-electric/ecostruxure_control_expert 15.0

schneider-electric/ecostruxure_control_expert < 15.0

schneider-electric/ecostruxure_process_expert

schneider-electric/remoteconnect

Published Jul 14, 2021

Tracked Since Feb 18, 2026