Sign-up

ID

VAR-202106-0532


CVE

CVE-2021-22754


TITLE

plural  Schneider Electric  Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-001884

DESCRIPTION

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack of proper validation of user-supplied data, when a malicious CGF file is imported to IGSS Definition. Schneider Electric The following vulnerabilities exist in multiple products provided by the company. IGSS ‥ * Out-of-bounds writing (CWE-787) - CVE-2021-22750 , CVE-2021-22751 , CVE-2021-22752 , CVE-2021-22754 , CVE-2021-22755 ‥ * Out-of-bounds reading (CWE-125) - CVE-2021-22753 , CVE-2021-22756 , CVE-2021-22757 ‥ * Accessing uninitialized pointers (CWE-824) - CVE-2021-22758 ‥ * Use of freed memory (Use-after-free) (CWE-416) - CVE-2021-22759 ‥ * Freeing invalid pointers and references (CWE-763) - CVE-2021-22760 ‥ * Buffer error (CWE-119) - CVE-2021-22761 ‥ * Directory traversal (CWE-22) - CVE-2021-22762Modicon X80 ‥ * Information leakage vulnerability (CWE-200) - CVE-2021-22749The expected impact depends on the vulnerability, but it can be impacted as follows: IGSS ‥ * Fraudulent, crafted by a third party CGF (Configuration Group File) Data is lost or code is executed when importing a file - CVE-2021-22750 , CVE-2021-22754 , CVE-2021-22758 , CVE-2021-22759 , CVE-2021-22760 ‥ * Fraudulent, crafted by a third party CGF (Configuration Group File) Information is stolen or arbitrary code is executed when a file is imported - CVE-2021-22751 ‥ * Fraudulent, crafted by a third party CGF (Configuration Group File) Information is stolen or code is executed when a file is imported - CVE-2021-22755 , CVE-2021-22756 , CVE-2021-22757 , CVE-2021-22761 ‥ * Fraudulent, crafted by a third party WSP (Workspace) Data is lost or code is executed when parsing a file - CVE-2021-22752 , CVE-2021-22753 ‥ * Fraudulent, crafted by a third party CGF (Configuration Group File) , Or WSP (Workspace) Code is executed when the file is imported - CVE-2021-22762Modicon X80 ‥ * Crafted by a remote third party, HTTP Includes communication parameters used for telemetry when a request is received RTU Information is stolen regarding settings - CVE-2021-22749. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The Schneider Electric Interactive Graphical SCADA System (IGSS) is an advanced SCADA system for monitoring and controlling industrial processes

Trust: 2.25

sources: NVD: CVE-2021-22754 // JVNDB: JVNDB-2021-001884 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-381228

AFFECTED PRODUCTS

vendor:schneider electricmodel:interactive graphical scada systemscope:lteversion:15.0.0.21140

Trust: 1.0

vendor:schneider electricmodel:modicon x80 bmxnor0200h rtuscope:lteversion:sv1.70 ir22 and earlier

Trust: 0.8

vendor:schneider electricmodel:igss definitionscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-001884 // NVD: CVE-2021-22754

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22754
value: HIGH

Trust: 1.0

IPA: JVNDB-2021-001884
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-626
value: HIGH

Trust: 0.6

VULHUB: VHN-381228
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22754
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-381228
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22754
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA: JVNDB-2021-001884
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-381228 // JVNDB: JVNDB-2021-001884 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-626 // NVD: CVE-2021-22754

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:Buffer error (CWE-119) [IPA Evaluation ]

Trust: 0.8

problemtype: Out-of-bounds read (CWE-125) [IPA Evaluation ]

Trust: 0.8

problemtype: information leak (CWE-200) [IPA Evaluation ]

Trust: 0.8

problemtype: Path traversal (CWE-22) [IPA Evaluation ]

Trust: 0.8

problemtype: Use of freed memory (CWE-416) [IPA Evaluation ]

Trust: 0.8

problemtype: Freeing invalid pointers and references (CWE-763) [IPA Evaluation ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [IPA Evaluation ]

Trust: 0.8

problemtype: Accessing uninitialized pointers (CWE-824) [IPA Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-381228 // JVNDB: JVNDB-2021-001884 // NVD: CVE-2021-22754

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-626

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:Embedded Web Server for Modicon X80 BMXNOR0200H RTU Moduleurl:https://igss.schneider-electric.com/igss/igssupdates/v150/IGSSUPDATE.ZIP

Trust: 0.8

title:Schneider Electric IGSS Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153284

Trust: 0.6

sources: JVNDB: JVNDB-2021-001884 // CNNVD: CNNVD-202106-626

EXTERNAL IDS

db:NVDid:CVE-2021-22754

Trust: 2.5

db:SCHNEIDERid:SEVD-2021-159-01

Trust: 1.7

db:ICS CERTid:ICSA-21-159-04

Trust: 1.4

db:ICS CERTid:ICSA-21-159-05

Trust: 0.8

db:JVNid:JVNVU94079949

Trust: 0.8

db:JVNDBid:JVNDB-2021-001884

Trust: 0.8

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:AUSCERTid:ESB-2021.2048

Trust: 0.6

db:CS-HELPid:SB2021060921

Trust: 0.6

db:CNNVDid:CNNVD-202106-626

Trust: 0.6

db:CNVDid:CNVD-2021-42155

Trust: 0.1

db:VULHUBid:VHN-381228

Trust: 0.1

sources: VULHUB: VHN-381228 // JVNDB: JVNDB-2021-001884 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-626 // NVD: CVE-2021-22754

REFERENCES

url:http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-01

Trust: 1.7

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-159-04

Trust: 1.4

url:http://jvn.jp/cert/jvnvu94079949

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-159-05

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-22754

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2048

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060921

Trust: 0.6

sources: VULHUB: VHN-381228 // JVNDB: JVNDB-2021-001884 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-626 // NVD: CVE-2021-22754

CREDITS

Kimiya, and Michael Heinzl separately reported these vulnerabilities to CISA., working with Trend Micro’s Zero Day Initiative

Trust: 0.6

sources: CNNVD: CNNVD-202106-626

SOURCES

db:VULHUBid:VHN-381228
db:JVNDBid:JVNDB-2021-001884
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202106-626
db:NVDid:CVE-2021-22754

LAST UPDATE DATE

2024-08-14T12:32:54.803000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-381228date:2021-06-15T00:00:00
db:JVNDBid:JVNDB-2021-001884date:2021-06-11T07:10:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202106-626date:2021-06-16T00:00:00
db:NVDid:CVE-2021-22754date:2021-06-15T18:57:01.507

SOURCES RELEASE DATE

db:VULHUBid:VHN-381228date:2021-06-11T00:00:00
db:JVNDBid:JVNDB-2021-001884date:2021-06-11T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202106-626date:2021-06-08T00:00:00
db:NVDid:CVE-2021-22754date:2021-06-11T16:15:09.743