Vulnerability Details CVE-2021-22797
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 62.8%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 9.3
References
Products affected by CVE-2021-22797
-
cpe:2.3:a:schneider-electric:ecostruxure_control_expert:-
-
cpe:2.3:a:schneider-electric:ecostruxure_control_expert:14.0
-
cpe:2.3:a:schneider-electric:ecostruxure_control_expert:14.1
-
cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0
-
cpe:2.3:a:schneider-electric:ecostruxure_process_expert:-
-
cpe:2.3:a:schneider-electric:ecostruxure_process_expert:2020
-
cpe:2.3:a:schneider-electric:remoteconnect:-
-
cpe:2.3:h:schneider-electric:scadapack_470:-
-
cpe:2.3:h:schneider-electric:scadapack_474:-
-
cpe:2.3:h:schneider-electric:scadapack_570:-
-
cpe:2.3:h:schneider-electric:scadapack_574:-
-
cpe:2.3:h:schneider-electric:scadapack_575:-