CVE-2021-22778

{"id": "CVE-2021-22778", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2021-07-14T15:15:08.173", "references": [{"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de credenciales insuficientemente protegidas en EcoStruxure Control Expert (todas las versiones anteriores a V15.0 SP1, incluy\u00e9ndo todas las versiones de Unity Pro), EcoStruxure Process Expert (todas las versiones, incluy\u00e9ndo todas las versiones de EcoStruxure Hybrid DCS) y SCADAPack RemoteConnect for x70, todas las versiones, que podr\u00eda causar una lectura o modificaci\u00f3n de bloques de funci\u00f3n derivados protegidos por parte de usuarios no autorizados cuando se accede a un archivo de proyecto"}], "lastModified": "2021-07-26T12:59:19.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43140BF9-455B-4E3C-BF5E-BB9BBF9802D2", "versionEndExcluding": "15.0"}, {"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9BF2D84-901E-4D34-941F-FFAB85B0E9D3"}, {"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD97669F-93D5-42C4-BFC4-1993867F5911"}, {"criteria": "cpe:2.3:a:schneider-electric:remoteconnect:*:*:*:*:*:*:scadapack_x70:*", "vulnerable": true, "matchCriteriaId": "2D7E0B75-171E-4A73-B722-13473CE1B9D7"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@se.com"}