CVE-2021-22797

Summary

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure Control Expertunspecified < V15.0 SP1affected
Schneider ElectricEcoStruxure Process Expertunspecified < 2020affected
Schneider ElectricSCADAPack RemoteConnect for x70All versionsaffected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

References