ID

VAR-202106-0538


CVE

CVE-2021-22760


TITLE

Multiple vulnerabilities in Schneider Electric products

Trust: 0.8

sources: JVNDB: JVNDB-2021-001884

DESCRIPTION

A CWE-763: Release of invalid pointer or reference vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.

The following vulnerabilities exist in multiple products provided by Schneider Electric.

IGSS
* Out-of-bounds writing (CWE-787) - CVE-2021-22750, CVE-2021-22751, CVE-2021-22752, CVE-2021-22754, CVE-2021-22755
* Out-of-bounds reading (CWE-125) - CVE-2021-22753, CVE-2021-22756, CVE-2021-22757
* Accessing uninitialized pointers (CWE-824) - CVE-2021-22758
* Use of freed memory (use-after-free) (CWE-416) - CVE-2021-22759
* Freeing invalid pointers and references (CWE-763) - CVE-2021-22760
* Buffer error (CWE-119) - CVE-2021-22761
* Directory traversal (CWE-22) - CVE-2021-22762

Modicon X80
* Information leakage vulnerability (CWE-200) - CVE-2021-22749

The expected impact depends on the vulnerability, but may include the following:

IGSS
* Data is lost or code is executed when a malicious CGF (Configuration Group File) file crafted by a third party is imported - CVE-2021-22750, CVE-2021-22754, CVE-2021-22758, CVE-2021-22759, CVE-2021-22760
* Information is stolen or arbitrary code is executed when a malicious CGF (Configuration Group File) file crafted by a third party is imported - CVE-2021-22751
* Information is stolen or code is executed when a malicious CGF (Configuration Group File) file crafted by a third party is imported - CVE-2021-22755, CVE-2021-22756, CVE-2021-22757, CVE-2021-22761
* Data is lost or code is executed when a malicious WSP (Workspace) file crafted by a third party is parsed - CVE-2021-22752, CVE-2021-22753
* Code is executed when a malicious CGF (Configuration Group File) or WSP (Workspace) file crafted by a third party is imported - CVE-2021-22762

Modicon X80
* Information about RTU settings, including communication parameters used for telemetry, is stolen when a crafted HTTP request from a remote third party is received - CVE-2021-22749

Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

IGSS Definition is a primary program used by system designers. The program is designed to help system designers perform the following tasks: build a model of the monitored process by using process diagrams, and connect the IGSS to the physical process component by assigning its unique PLC address.

Trust: 2.25

sources: NVD: CVE-2021-22760 // JVNDB: JVNDB-2021-001884 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-381234

AFFECTED PRODUCTS

vendor: schneider electric, model: interactive graphical scada system, scope: lte, version: 15.0.0.21140

Trust: 1.0

vendor: schneider electric, model: modicon x80 bmxnor0200h rtu, scope: lte, version: sv1.70 ir22 and earlier

Trust: 0.8

vendor: schneider electric, model: igss definition, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-001884 // NVD: CVE-2021-22760

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22760
value: HIGH

Trust: 1.0

IPA: JVNDB-2021-001884
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-597
value: HIGH

Trust: 0.6

VULHUB: VHN-381234
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22760
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-381234
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22760
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA: JVNDB-2021-001884
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-381234 // JVNDB: JVNDB-2021-001884 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-597 // NVD: CVE-2021-22760

PROBLEMTYPE DATA

problemtype: CWE-763

Trust: 1.1

problemtype: Buffer error (CWE-119) [IPA Evaluation]

Trust: 0.8

problemtype: Out-of-bounds read (CWE-125) [IPA Evaluation]

Trust: 0.8

problemtype: Information leak (CWE-200) [IPA Evaluation]

Trust: 0.8

problemtype: Path traversal (CWE-22) [IPA Evaluation]

Trust: 0.8

problemtype: Use of freed memory (CWE-416) [IPA Evaluation]

Trust: 0.8

problemtype: Freeing invalid pointers and references (CWE-763) [IPA Evaluation]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [IPA Evaluation]

Trust: 0.8

problemtype: Accessing uninitialized pointers (CWE-824) [IPA Evaluation]

Trust: 0.8

sources: VULHUB: VHN-381234 // JVNDB: JVNDB-2021-001884 // NVD: CVE-2021-22760

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-597

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-597

PATCH

title: Embedded Web Server for Modicon X80 BMXNOR0200H RTU Module, url: https://igss.schneider-electric.com/igss/igssupdates/v150/IGSSUPDATE.ZIP

Trust: 0.8

sources: JVNDB: JVNDB-2021-001884

EXTERNAL IDS

db: NVD, id: CVE-2021-22760

Trust: 2.5

db: SCHNEIDER, id: SEVD-2021-159-01

Trust: 1.7

db: ICS CERT, id: ICSA-21-159-04

Trust: 1.4

db: ICS CERT, id: ICSA-21-159-05

Trust: 0.8

db: JVN, id: JVNVU94079949

Trust: 0.8

db: JVNDB, id: JVNDB-2021-001884

Trust: 0.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.2048

Trust: 0.6

db: CS-HELP, id: SB2021060921

Trust: 0.6

db: CNNVD, id: CNNVD-202106-597

Trust: 0.6

db: CNVD, id: CNVD-2021-42149

Trust: 0.1

db: VULHUB, id: VHN-381234

Trust: 0.1

sources: VULHUB: VHN-381234 // JVNDB: JVNDB-2021-001884 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-597 // NVD: CVE-2021-22760

REFERENCES

url: http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-01

Trust: 1.7

url: https://us-cert.cisa.gov/ics/advisories/icsa-21-159-04

Trust: 1.4

url: http://jvn.jp/cert/jvnvu94079949

Trust: 0.8

url: https://us-cert.cisa.gov/ics/advisories/icsa-21-159-05

Trust: 0.8

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.2048

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021060921

Trust: 0.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-22760

Trust: 0.6

sources: VULHUB: VHN-381234 // JVNDB: JVNDB-2021-001884 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-597 // NVD: CVE-2021-22760

CREDITS

Kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl separately reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202106-597

SOURCES

db: VULHUB, id: VHN-381234
db: JVNDB, id: JVNDB-2021-001884
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202106-597
db: NVD, id: CVE-2021-22760

LAST UPDATE DATE

2024-08-14T12:25:23.913000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-381234, date: 2021-06-15T00:00:00
db: JVNDB, id: JVNDB-2021-001884, date: 2021-06-11T07:10:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202106-597, date: 2021-06-16T00:00:00
db: NVD, id: CVE-2021-22760, date: 2021-06-15T19:12:35.493

SOURCES RELEASE DATE

db: VULHUB, id: VHN-381234, date: 2021-06-11T00:00:00
db: JVNDB, id: JVNDB-2021-001884, date: 2021-06-11T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202106-597, date: 2021-06-08T00:00:00
db: NVD, id: CVE-2021-22760, date: 2021-06-11T16:15:10.153