Multiple vulnerabilities in Schneider Electric SCADApack RTU, Modicon Controllers and Software



Updated: 2022-06-02
Risk High
Patch available NO
Number of vulnerabilities 2
CVE-ID CVE-2021-22779
CVE-2020-12525
CWE-ID CWE-290
CWE-502
Exploitation vector Network
Public exploit N/A
Vulnerable software
SCADAPack 575 RTUs
Server applications / SCADA systems

SCADAPack 574
Server applications / SCADA systems

SCADAPack 570
Server applications / SCADA systems

SCADAPack 474
Server applications / SCADA systems

SCADAPack 470
Server applications / SCADA systems

EcoStruxure Control Expert
Server applications / SCADA systems

SCADAPack RemoteConnect for x70
Server applications / SCADA systems

EcoStruxure Process Expert
Server applications / SCADA systems

Modicon M580
Hardware solutions / Firmware

Modicon M340
Hardware solutions / Firmware

Vendor Schneider Electric

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Authentication Bypass by Spoofing

EUVDB-ID: #VU54863

Risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2021-22779

CWE-ID: CWE-290 - Authentication Bypass by Spoofing

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an authentication bypass by spoofing issue. A remote attacker can gain unauthorized read and write access to the controller.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SCADAPack 575 RTUs: All versions

SCADAPack 574: All versions

SCADAPack 570: All versions

SCADAPack 474: All versions

SCADAPack 470: All versions

EcoStruxure Control Expert: 15.0 SP1

SCADAPack RemoteConnect for x70: All versions

EcoStruxure Process Expert: All versions

Modicon M580: All versions

Modicon M340: All versions

External links

https://us-cert.cisa.gov/ics/advisories/icsa-21-194-02
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Deserialization of Untrusted Data

EUVDB-ID: #VU49956

Risk: Medium

CVSSv4.0: 5.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-12525

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data. A remote authenticated attacker can use a specially crafted project file and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

This vulnerability affects the following versions:

  • fdtCONTAINER component
    • Versions between 3.5.0 and 3.5.20304.x
    • Versions between 3.6.0 and 3.6.20304.x
    • Versions older than 3.5
  • fdtCONTAINER application
    • Versions between 4.5.0 and 4.5.20304.x
    • Versions between 4.6.0 and 4.6.20304.x
    • Versions older than 4.5
  • dtmINSPECTOR Version 3 (Based on FDT 1.2.x)

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SCADAPack 575 RTUs: All versions

SCADAPack 574: All versions

SCADAPack 570: All versions

SCADAPack 474: All versions

SCADAPack 470: All versions

EcoStruxure Control Expert: 15.0 SP1

SCADAPack RemoteConnect for x70: All versions

EcoStruxure Process Expert: All versions

External links

https://us-cert.cisa.gov/ics/advisories/icsa-21-194-02
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.