CVE-2021-22797
published 2022-04-13CVE-2021-22797: A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | ecostruxure_control_expert | < 15.1 | 15.1 |
| schneider-electric | ecostruxure_process_expert | < 2021 | 2021 |
| schneider_electric | ecostruxure_control_expert | >= unspecified < V15.0 SP1 | V15.0 SP1 |
| schneider_electric | ecostruxure_process_expert | >= unspecified < 2020 | 2020 |
| schneider_electric | scadapack_remoteconnect_for_x70 | — | — |