Rewterz Threat Advisory – ICS : Schneider Electric EcoStruxure and SCADAPack
Severity
High
Analysis Summary
CVE-2021-22796
When a malicious project file is loaded on the engineering workstation software, it deploys a malicious script to execute arbitrary code in unauthorized locations.
Impact
Code Execution
Affected Vendors
Schneider Electric
Affected Products
EcoStruxure Control Expert: All versions including former Unity Pro
EcoStruxure Process Expert: All versions including former HDCS
SCADAPack RemoteConnect for x70: All versions
Remediation
Refer to ICS Advisory for the patch, upgrade, or suggested workaround information.