Details of VAR-202106-0530

ID

VAR-202106-0530

CVE

CVE-2021-22752

TITLE

plural Schneider Electric Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-001884

DESCRIPTION

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP (Workspace) file is being parsed by IGSS Definition. Schneider Electric The following vulnerabilities exist in multiple products provided by the company. IGSS ‥ * Out-of-bounds writing (CWE-787) - CVE-2021-22750 , CVE-2021-22751 , CVE-2021-22752 , CVE-2021-22754 , CVE-2021-22755 ‥ * Out-of-bounds reading (CWE-125) - CVE-2021-22753 , CVE-2021-22756 , CVE-2021-22757 ‥ * Accessing uninitialized pointers (CWE-824) - CVE-2021-22758 ‥ * Use of freed memory (Use-after-free) (CWE-416) - CVE-2021-22759 ‥ * Freeing invalid pointers and references (CWE-763) - CVE-2021-22760 ‥ * Buffer error (CWE-119) - CVE-2021-22761 ‥ * Directory traversal (CWE-22) - CVE-2021-22762Modicon X80 ‥ * Information leakage vulnerability (CWE-200) - CVE-2021-22749The expected impact depends on the vulnerability, but it can be impacted as follows: IGSS ‥ * Fraudulent, crafted by a third party CGF (Configuration Group File) Data is lost or code is executed when importing a file - CVE-2021-22750 , CVE-2021-22754 , CVE-2021-22758 , CVE-2021-22759 , CVE-2021-22760 ‥ * Fraudulent, crafted by a third party CGF (Configuration Group File) Information is stolen or arbitrary code is executed when a file is imported - CVE-2021-22751 ‥ * Fraudulent, crafted by a third party CGF (Configuration Group File) Information is stolen or code is executed when a file is imported - CVE-2021-22755 , CVE-2021-22756 , CVE-2021-22757 , CVE-2021-22761 ‥ * Fraudulent, crafted by a third party WSP (Workspace) Data is lost or code is executed when parsing a file - CVE-2021-22752 , CVE-2021-22753 ‥ * Fraudulent, crafted by a third party CGF (Configuration Group File) , Or WSP (Workspace) Code is executed when the file is imported - CVE-2021-22762Modicon X80 ‥ * Crafted by a remote third party, HTTP Includes communication parameters used for telemetry when a request is received RTU Information is stolen regarding settings - CVE-2021-22749. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The Schneider Electric Interactive Graphical SCADA System (IGSS) is an advanced SCADA system for monitoring and controlling industrial processes

Trust: 2.88

sources: NVD: CVE-2021-22752 // JVNDB: JVNDB-2021-001884 // ZDI: ZDI-21-673 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-381226

AFFECTED PRODUCTS

vendor:	schneider electric	model:	interactive graphical scada system	scope:	lte	version:	15.0.0.21140	Trust: 1.0
vendor:	schneider electric	model:	modicon x80 bmxnor0200h rtu	scope:	lte	version:	sv1.70 ir22 and earlier	Trust: 0.8
vendor:	schneider electric	model:	igss definition	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	igss	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-21-673 // JVNDB: JVNDB-2021-001884 // NVD: CVE-2021-22752

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22752
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2021-001884
value:	HIGH
Trust: 0.8
ZDI:	CVE-2021-22752
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-629
value:	HIGH
Trust: 0.6
VULHUB:	VHN-381226
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22752
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-381226
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-22752
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
IPA:	JVNDB-2021-001884
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2021-22752
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-21-673 // VULHUB: VHN-381226 // JVNDB: JVNDB-2021-001884 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-629 // NVD: CVE-2021-22752

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	Buffer error (CWE-119) [IPA Evaluation ]	Trust: 0.8
problemtype:	Out-of-bounds read (CWE-125) [IPA Evaluation ]	Trust: 0.8
problemtype:	information leak (CWE-200) [IPA Evaluation ]	Trust: 0.8
problemtype:	Path traversal (CWE-22) [IPA Evaluation ]	Trust: 0.8
problemtype:	Use of freed memory (CWE-416) [IPA Evaluation ]	Trust: 0.8
problemtype:	Freeing invalid pointers and references (CWE-763) [IPA Evaluation ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [IPA Evaluation ]	Trust: 0.8
problemtype:	Accessing uninitialized pointers (CWE-824) [IPA Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-381226 // JVNDB: JVNDB-2021-001884 // NVD: CVE-2021-22752

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-629

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Embedded Web Server for Modicon X80 BMXNOR0200H RTU Module	url:	https://igss.schneider-electric.com/igss/igssupdates/v150/IGSSUPDATE.ZIP	Trust: 0.8
title:	Schneider Electric has issued an update to correct this vulnerability.	url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-159-04	Trust: 0.7
title:	Schneider Electric IGSS Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153287	Trust: 0.6

sources: ZDI: ZDI-21-673 // JVNDB: JVNDB-2021-001884 // CNNVD: CNNVD-202106-629

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22752	Trust: 3.2
db:	SCHNEIDER	id:	SEVD-2021-159-01	Trust: 1.7
db:	ICS CERT	id:	ICSA-21-159-04	Trust: 1.4
db:	ZDI	id:	ZDI-21-673	Trust: 1.3
db:	ICS CERT	id:	ICSA-21-159-05	Trust: 0.8
db:	JVN	id:	JVNVU94079949	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-001884	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-12773	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021060921	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2048	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-629	Trust: 0.6
db:	CNVD	id:	CNVD-2021-42157	Trust: 0.1
db:	VULHUB	id:	VHN-381226	Trust: 0.1

sources: ZDI: ZDI-21-673 // VULHUB: VHN-381226 // JVNDB: JVNDB-2021-001884 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-629 // NVD: CVE-2021-22752

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-159-04	Trust: 2.1
url:	http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-01	Trust: 1.7
url:	http://jvn.jp/cert/jvnvu94079949	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-159-05	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.zerodayinitiative.com/advisories/zdi-21-673/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22752	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2048	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060921	Trust: 0.6

sources: ZDI: ZDI-21-673 // VULHUB: VHN-381226 // JVNDB: JVNDB-2021-001884 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-629 // NVD: CVE-2021-22752

CREDITS

kimiya

Trust: 1.3

sources: ZDI: ZDI-21-673 // CNNVD: CNNVD-202106-629

SOURCES

db:	ZDI	id:	ZDI-21-673
db:	VULHUB	id:	VHN-381226
db:	JVNDB	id:	JVNDB-2021-001884
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-629
db:	NVD	id:	CVE-2021-22752

LAST UPDATE DATE

2024-08-14T12:39:49.130000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-673	date:	2021-06-10T00:00:00
db:	VULHUB	id:	VHN-381226	date:	2021-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2021-001884	date:	2021-06-11T07:10:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-629	date:	2021-06-16T00:00:00
db:	NVD	id:	CVE-2021-22752	date:	2021-06-15T18:42:37.090

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-673	date:	2021-06-10T00:00:00
db:	VULHUB	id:	VHN-381226	date:	2021-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2021-001884	date:	2021-06-11T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-629	date:	2021-06-08T00:00:00
db:	NVD	id:	CVE-2021-22752	date:	2021-06-11T16:15:09.403