Details of VAR-202103-0440

ID

VAR-202103-0440

CVE

CVE-2021-22709

TITLE

Interactive Graphical SCADA System Buffer Error Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-004400

DESCRIPTION

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in loss of data or remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. Interactive Graphical SCADA System (IGSS) Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CGF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Schneider Electric Interactive Graphical SCADA System (IGSS) is a set of SCADA (Data Acquisition and Supervisory Control System) system used by French Schneider Electric (Schneider Electric) to monitor and control industrial processes. Interactive Graphical SCADA System (IGSS) Definition V15.0.0.21041 and earlier versions have a buffer overflow vulnerability

Trust: 2.88

sources: NVD: CVE-2021-22709 // JVNDB: JVNDB-2021-004400 // ZDI: ZDI-21-272 // CNVD: CNVD-2021-18389 // VULHUB: VHN-381183

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-18389

AFFECTED PRODUCTS

vendor:	schneider electric	model:	interactive graphical scada system	scope:	lte	version:	15.0.0.21041	Trust: 1.0
vendor:	schneider electric	model:	interactive graphical scada system	scope:	eq	version:	-	Trust: 0.8
vendor:	schneider electric	model:	interactive graphical scada system	scope:	lte	version:	15.0.0.21041 and earlier	Trust: 0.8
vendor:	schneider electric	model:	igss	scope:	-	version:	-	Trust: 0.7
vendor:	schneider	model:	electric interactive graphical scada system definition	scope:	lte	version:	<=v15.0.0.21041	Trust: 0.6

sources: ZDI: ZDI-21-272 // CNVD: CNVD-2021-18389 // JVNDB: JVNDB-2021-004400 // NVD: CVE-2021-22709

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22709
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-22709
value:	HIGH
Trust: 0.8
ZDI:	CVE-2021-22709
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2021-18389
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202103-806
value:	HIGH
Trust: 0.6
VULHUB:	VHN-381183
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-22709
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-18389
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-381183
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-22709
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22709
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2021-22709
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-21-272 // CNVD: CNVD-2021-18389 // VULHUB: VHN-381183 // JVNDB: JVNDB-2021-004400 // CNNVD: CNNVD-202103-806 // NVD: CVE-2021-22709

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.1
problemtype:	Buffer error (CWE-119) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-381183 // JVNDB: JVNDB-2021-004400 // NVD: CVE-2021-22709

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202103-806

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202103-806

PATCH

title:	Product Documentation & Software downloads Schneider Electric Security Notification	url:	https://www.se.com/ww/en/download/document/SEVD-2021-068-01	Trust: 0.8
title:	Schneider Electric has issued an update to correct this vulnerability.	url:	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01	Trust: 0.7
title:	Patch for Schneider Electric Interactive Graphical SCADA System buffer overflow vulnerability (CNVD-2021-18389)	url:	https://www.cnvd.org.cn/patchInfo/show/253511	Trust: 0.6
title:	Schneider Electric Interactive Graphical SCADA System Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144187	Trust: 0.6

sources: ZDI: ZDI-21-272 // CNVD: CNVD-2021-18389 // JVNDB: JVNDB-2021-004400 // CNNVD: CNNVD-202103-806

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22709	Trust: 3.8
db:	SCHNEIDER	id:	SEVD-2021-068-01	Trust: 1.7
db:	ZDI	id:	ZDI-21-272	Trust: 1.3
db:	JVN	id:	JVNVU92960744	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-004400	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-12599	Trust: 0.7
db:	CNVD	id:	CNVD-2021-18389	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0888	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-070-01	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-806	Trust: 0.6
db:	VULHUB	id:	VHN-381183	Trust: 0.1

sources: ZDI: ZDI-21-272 // CNVD: CNVD-2021-18389 // VULHUB: VHN-381183 // JVNDB: JVNDB-2021-004400 // CNNVD: CNNVD-202103-806 // NVD: CVE-2021-22709

REFERENCES

url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-068-01	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22709	Trust: 2.0
url:	https://www.se.com/ww/en/download/document/sevd-2021-068-01	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu92960744/	Trust: 0.8
url:	https://www.zerodayinitiative.com/advisories/zdi-21-272/	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-070-01	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0888	Trust: 0.6

sources: ZDI: ZDI-21-272 // CNVD: CNVD-2021-18389 // VULHUB: VHN-381183 // JVNDB: JVNDB-2021-004400 // CNNVD: CNNVD-202103-806 // NVD: CVE-2021-22709

CREDITS

kimiya

Trust: 0.7

sources: ZDI: ZDI-21-272

SOURCES

db:	ZDI	id:	ZDI-21-272
db:	CNVD	id:	CNVD-2021-18389
db:	VULHUB	id:	VHN-381183
db:	JVNDB	id:	JVNDB-2021-004400
db:	CNNVD	id:	CNNVD-202103-806
db:	NVD	id:	CVE-2021-22709

LAST UPDATE DATE

2024-11-23T21:34:49.776000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-272	date:	2021-03-11T00:00:00
db:	CNVD	id:	CNVD-2021-18389	date:	2021-03-22T00:00:00
db:	VULHUB	id:	VHN-381183	date:	2021-03-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-004400	date:	2021-11-19T07:20:00
db:	CNNVD	id:	CNNVD-202103-806	date:	2021-03-19T00:00:00
db:	NVD	id:	CVE-2021-22709	date:	2024-11-21T05:50:30.430

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-272	date:	2021-03-11T00:00:00
db:	CNVD	id:	CNVD-2021-18389	date:	2021-03-18T00:00:00
db:	VULHUB	id:	VHN-381183	date:	2021-03-11T00:00:00
db:	JVNDB	id:	JVNDB-2021-004400	date:	2021-11-19T00:00:00
db:	CNNVD	id:	CNNVD-202103-806	date:	2021-03-11T00:00:00
db:	NVD	id:	CVE-2021-22709	date:	2021-03-11T21:15:12.077