VDB

CVE-2021-22741

CVE-2021-22741 PUBLISHED CVSS 6.699999809265137 MEDIUM

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior), which could cause the revealing of account credentials when server database files are available. Exposure of these files to an attacker can make the system vulnerable to password decryption attacks. Note that “.sde” configuration export files do not contain user account password hashes.

EPSS 0.03% · 7.8th percentile

Risk Scores

CVSS 3.1
6.699999809265137
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.03%
7.8th percentile

Affected Products

VendorProductVersions
n/aClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior)ClearSCADA,EcoStruxure Geo SCADA Expert 2019 and EcoStruxure Geo SCADA Expert 2020(see security notification for affected versions)
schneider-electricecostruxure_geo_scada_expert_20200
schneider-electricecostruxure_geo_scada_expert_2019
schneider-electricclearscada

Timeline

  • May 26, 2021 CVE Published
  • May 27, 2021 EPSS Score
  • Jul 29, 2021 EPSS Score
  • Sep 28, 2021 EPSS Score
  • Nov 29, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Mar 31, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 31, 2022 EPSS Score
  • Aug 2, 2022 EPSS Score
  • Oct 2, 2022 EPSS Score
  • Dec 2, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›