SB2021071414 - Multiple vulnerabilities in Schneider Electric SCADApack RTU, Modicon Controllers and Software




Published: July 14, 2021 Updated: June 2, 2022

Security Bulletin ID SB2021071414
Severity High
Patch available YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High: 25%, Medium: 75%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Insufficiently protected credentials (CVE-ID: CVE-2021-22778)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficiently protected credentials. A remote attacker can use a specially crafted project file and read protected derived function blocks.


2) Insufficiently protected credentials (CVE-ID: CVE-2021-22780)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficiently protected credentials. A remote authenticated attacker can gain unauthorized access to a password-protected project file when that file is shared with untrusted sources, and can then view and modify the project file.


3) Insufficiently protected credentials (CVE-ID: CVE-2021-22781)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficiently protected credentials. A remote attacker can access a project file and cause a leak of SMTP credentials.


4) Missing Encryption of Sensitive Data (CVE-ID: CVE-2021-22782)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to missing encryption of sensitive data. A remote attacker can access a project file and cause an information leak allowing disclosure of network and process information, credentials, or intellectual property.


Remediation

Install the update from the vendor's website.