VDB
CVE-2021-22741
CVE-2021-22741
PUBLISHED
CVSS 6.699999809265137 MEDIUM
Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior), which could cause the revealing of account credentials when server database files are available. Exposure of these files to an attacker can make the system vulnerable to password decryption attacks. Note that “.sde” configuration export files do not contain user account password hashes.
EPSS 0.03% · 7.8th percentile
Risk Scores
CVSS 3.1
6.699999809265137
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.03%
7.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior) | ClearSCADA,EcoStruxure Geo SCADA Expert 2019 and EcoStruxure Geo SCADA Expert 2020(see security notification for affected versions) |
| schneider-electric | ecostruxure_geo_scada_expert_2020 | 0 |
| schneider-electric | ecostruxure_geo_scada_expert_2019 | |
| schneider-electric | clearscada |
Exploit Intelligence
Timeline
- May 26, 2021 CVE Published
- May 27, 2021 EPSS Score
- Jul 29, 2021 EPSS Score
- Sep 28, 2021 EPSS Score
- Nov 29, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Mar 31, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 31, 2022 EPSS Score
- Aug 2, 2022 EPSS Score
- Oct 2, 2022 EPSS Score
- Dec 2, 2022 EPSS Score
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-07 url
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-03 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-02 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-01 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-06 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-05 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-22741 advisory