March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – Multiple VMware Security Vulnerabilities
July 14, 2021
Rewterz Threat Advisory – Multiple Microsoft Windows Vulnerabilities
July 14, 2021
Rewterz Threat Advisory – Multiple VMware Security Vulnerabilities
July 14, 2021
Rewterz Threat Advisory – Multiple Microsoft Windows Vulnerabilities
July 14, 2021
Severity
High
Analysis Summary
CVE-2021-22778
An insufficiently protected credentials vulnerability exists that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file.
CVE-2021-22779
An authentication bypass by spoofing vulnerability exists that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller.
CVE-2020-12525
M&M Software fdtCONTAINER component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
CVE-2021-22780
An insufficiently protected credentials vulnerability exists that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. An attacker may bypass password protection and be able to view and modify a project file.
CVE-2021-22781
An insufficiently protected credentials vulnerability exists that could cause a leak of SMTP credentials used for mailbox authentication when an attacker can access a project file.
CVE-2021-22782
Missing encryption of sensitive data vulnerability exists that could cause an information leak allowing disclosure of network and process information, credentials, or intellectual property when an attacker can access a project file.
CVE-2021-22784
An improper authentication issue exists and could allow an attacker to use a crafted webpage that can enable remote access to the system.
Impact
- Credential Theft
- Bypass Security
- Remote Access
- Information Disclosure
- Authentication Bypass
Affected Vendors
Schneider Electric
Affected Products
- EcoStruxure Control Expert
- all versions prior to v15.0 SP1
- EcoStruxure Control Expert v15.0 SP1
- EcoStruxure Process Expert, all versions
- SCADAPack RemoteConnect for x70
- Modicon M580 CPU (part numbers BMEP* and BMEH) Modicon M340 CPU (part numbers BMXP34)
- C-Bus Toolkit Versions 1.15.8 and prior
- SCADAPack 470 474 570 574 and 575 RTUs all versions
Remediation
Visit the website for more information on the affected products, patches, and updates. https://us-cert.cisa.gov/ics/advisories