CVE-2021-22741

EPSS 0.03%
Published 26.05.2021 20:15:09
Last modified 21.11.2024 05:50:34
Source cybersecurity@se.com
Teams watchlist Login
Open Login

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior), which could cause the revealing of account credentials when server database files are available. Exposure of these files to an attacker can make the system vulnerable to password decryption attacks. Note that “.sde” configuration export files do not contain user account password hashes.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Clearscada

Schneider-electric ≫ Ecostruxure Geo Scada Expert 2019

Schneider-electric ≫ Ecostruxure Geo Scada Expert 2020 Version <= 83.7742.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.042

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-916 Use of Password Hash With Insufficient Computational Effort

The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-07

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-22741

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22741

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22741

EUVD