ID

VAR-202106-0535


CVE

CVE-2021-22757


TITLE

Vulnerabilities in multiple Schneider Electric products

Trust: 0.8

sources: JVNDB: JVNDB-2021-001884

DESCRIPTION

A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied input data, when a malicious CGF file is imported to IGSS Definition.

The following vulnerabilities exist in multiple products provided by Schneider Electric.

IGSS
* Out-of-bounds write (CWE-787) - CVE-2021-22750, CVE-2021-22751, CVE-2021-22752, CVE-2021-22754, CVE-2021-22755
* Out-of-bounds read (CWE-125) - CVE-2021-22753, CVE-2021-22756, CVE-2021-22757
* Access of uninitialized pointer (CWE-824) - CVE-2021-22758
* Use of freed memory (use-after-free) (CWE-416) - CVE-2021-22759
* Freeing invalid pointers and references (CWE-763) - CVE-2021-22760
* Buffer error (CWE-119) - CVE-2021-22761
* Directory traversal (CWE-22) - CVE-2021-22762

Modicon X80
* Information leakage vulnerability (CWE-200) - CVE-2021-22749

The expected impact depends on the vulnerability, but may include the following:

IGSS
* Data is lost or code is executed when a malicious CGF (Configuration Group File) crafted by a third party is imported - CVE-2021-22750, CVE-2021-22754, CVE-2021-22758, CVE-2021-22759, CVE-2021-22760
* Information is stolen or arbitrary code is executed when a malicious CGF (Configuration Group File) crafted by a third party is imported - CVE-2021-22751
* Information is stolen or code is executed when a malicious CGF (Configuration Group File) crafted by a third party is imported - CVE-2021-22755, CVE-2021-22756, CVE-2021-22757, CVE-2021-22761
* Data is lost or code is executed when a malicious WSP (Workspace) file crafted by a third party is parsed - CVE-2021-22752, CVE-2021-22753
* Code is executed when a malicious CGF (Configuration Group File) or WSP (Workspace) file crafted by a third party is imported - CVE-2021-22762

Modicon X80
* When an HTTP request crafted by a remote third party is received, information about RTU settings, including the communication parameters used for telemetry, is stolen - CVE-2021-22749

Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements. An attacker can use this vulnerability to cause remote code execution or data loss.

Trust: 2.25

sources: NVD: CVE-2021-22757 // JVNDB: JVNDB-2021-001884 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-381231

AFFECTED PRODUCTS

vendor: schneider electric, model: interactive graphical scada system, scope: lte, version: 15.0.0.21140

Trust: 1.0

vendor: schneider electric, model: modicon x80 bmxnor0200h rtu, scope: lte, version: sv1.70 ir22 and earlier

Trust: 0.8

vendor: schneider electric, model: igss definition, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-001884 // NVD: CVE-2021-22757

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22757
value: HIGH

Trust: 1.0

IPA: JVNDB-2021-001884
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-616
value: HIGH

Trust: 0.6

VULHUB: VHN-381231
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22757
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-381231
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22757
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA: JVNDB-2021-001884
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-381231 // JVNDB: JVNDB-2021-001884 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-616 // NVD: CVE-2021-22757

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:Buffer error (CWE-119) [IPA Evaluation ]

Trust: 0.8

problemtype: Out-of-bounds read (CWE-125) [IPA Evaluation ]

Trust: 0.8

problemtype: information leak (CWE-200) [IPA Evaluation ]

Trust: 0.8

problemtype: Path traversal (CWE-22) [IPA Evaluation ]

Trust: 0.8

problemtype: Use of freed memory (CWE-416) [IPA Evaluation ]

Trust: 0.8

problemtype: Freeing invalid pointers and references (CWE-763) [IPA Evaluation ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [IPA Evaluation ]

Trust: 0.8

problemtype: Accessing uninitialized pointers (CWE-824) [IPA Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-381231 // JVNDB: JVNDB-2021-001884 // NVD: CVE-2021-22757

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-616

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Embedded Web Server for Modicon X80 BMXNOR0200H RTU Module
url: https://igss.schneider-electric.com/igss/igssupdates/v150/IGSSUPDATE.ZIP

Trust: 0.8

title: Schneider Electric IGSS Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153759

Trust: 0.6

sources: JVNDB: JVNDB-2021-001884 // CNNVD: CNNVD-202106-616

EXTERNAL IDS

db: NVD, id: CVE-2021-22757

Trust: 2.5

db: SCHNEIDER, id: SEVD-2021-159-01

Trust: 1.7

db: ICS CERT, id: ICSA-21-159-04

Trust: 1.4

db: ICS CERT, id: ICSA-21-159-05

Trust: 0.8

db: JVN, id: JVNVU94079949

Trust: 0.8

db: JVNDB, id: JVNDB-2021-001884

Trust: 0.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.2048

Trust: 0.6

db: CS-HELP, id: SB2021060921

Trust: 0.6

db: CNNVD, id: CNNVD-202106-616

Trust: 0.6

db: CNVD, id: CNVD-2021-42152

Trust: 0.1

db: VULHUB, id: VHN-381231

Trust: 0.1

sources: VULHUB: VHN-381231 // JVNDB: JVNDB-2021-001884 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-616 // NVD: CVE-2021-22757

REFERENCES

url:http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-01

Trust: 1.7

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-159-04

Trust: 1.4

url:http://jvn.jp/cert/jvnvu94079949

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-159-05

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-22757

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2048

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060921

Trust: 0.6

sources: VULHUB: VHN-381231 // JVNDB: JVNDB-2021-001884 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-616 // NVD: CVE-2021-22757

CREDITS

Kimiya, and Michael Heinzl separately reported these vulnerabilities to CISA, working with Trend Micro’s Zero Day Initiative

Trust: 0.6

sources: CNNVD: CNNVD-202106-616

SOURCES

db: VULHUB, id: VHN-381231
db: JVNDB, id: JVNDB-2021-001884
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202106-616
db: NVD, id: CVE-2021-22757

LAST UPDATE DATE

2024-08-14T12:43:29.827000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-381231, date: 2021-06-15T00:00:00
db: JVNDB, id: JVNDB-2021-001884, date: 2021-06-11T07:10:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202106-616, date: 2021-06-16T00:00:00
db: NVD, id: CVE-2021-22757, date: 2021-06-15T18:25:10.727

SOURCES RELEASE DATE

db: VULHUB, id: VHN-381231, date: 2021-06-11T00:00:00
db: JVNDB, id: JVNDB-2021-001884, date: 2021-06-11T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202106-616, date: 2021-06-08T00:00:00
db: NVD, id: CVE-2021-22757, date: 2021-06-11T16:15:09.950