CVE-2021-22663

7.8 HIGH

📋 TL;DR

CVE-2021-22663 is an out-of-bounds read vulnerability in Cscape software that allows arbitrary code execution when parsing malicious project files. Attackers can exploit this to run code with the same privileges as the Cscape process. All users running Cscape versions prior to 9.90 SP3.5 are affected.

💻 Affected Systems

Products:
  • Cscape
Versions: All versions prior to 9.90 SP3.5
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the project file parser; exploitation requires user interaction to open malicious files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through remote code execution, potentially leading to industrial control system manipulation, data theft, or ransomware deployment.

🟠 Likely Case

Local privilege escalation or system compromise when users open malicious project files, potentially disrupting industrial operations.

🟢 If Mitigated

Limited impact with proper network segmentation and user privilege restrictions, potentially only causing application crashes.

🌐 Internet-Facing: LOW - Cscape is typically used in industrial environments not directly internet-facing, though project files could be delivered via email or web.
🏢 Internal Only: HIGH - Within industrial networks, this vulnerability poses significant risk due to potential impact on control systems and operational technology.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious project files; no public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.90 SP3.5 or later

Vendor Advisory: https://us-cert.cisa.gov/ics/advisories/icsa-21-035-02

Restart Required: Yes

Instructions:

1. Download Cscape version 9.90 SP3.5 or later from the official Eaton website.
2. Close all Cscape instances.
3. Run the installer with administrative privileges.
4. Follow the installation prompts.
5. Restart the system if prompted.

🔧 Temporary Workarounds

Restrict project file sources

all

Only open project files from trusted sources and implement file validation procedures.

User privilege reduction

windows

Run Cscape with limited user privileges to reduce impact of successful exploitation.

🧯 If You Can't Patch

  • Implement network segmentation to isolate Cscape systems from critical networks
  • Deploy application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check Cscape version via Help > About menu; versions below 9.90 SP3.5 are vulnerable.

Check Version:

Not applicable - check via application GUI Help > About

Verify Fix Applied:

Verify version is 9.90 SP3.5 or higher in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening project files
  • Unusual process creation from Cscape.exe

Network Indicators:

  • Unexpected network connections from Cscape process
  • File downloads to Cscape systems

SIEM Query:

Process Creation where Image contains 'Cscape.exe' and CommandLine contains unusual parameters
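
The two log indicators above can be triaged together. The following is an added example, not code from the vendor or this page, that flags child processes spawned by Cscape.exe and Cscape.exe crashes that follow shortly after a launch. Assumptions: events are already normalized into dicts with hypothetical `type`, `time` and `Application` keys, process fields are modelled on Sysmon process-creation fields (`Image`, `ParentImage`, `CommandLine`), and the allowlist and two-minute window are site-tuned values.

```python
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

# Assumptions: site-tuned allowlist of normal Cscape child processes, and a
# window in which a crash is tied to the preceding launch.
ALLOWED_CHILDREN = {"cscape.exe"}
CRASH_WINDOW = timedelta(minutes=2)

def _name(path):
    return basename(path or "").lower()

def triage(events):
    """Return (time, rule, detail) findings for the two log indicators."""
    findings, last_launch = [], None
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["type"] == "process_create":
            if _name(ev["Image"]) == "cscape.exe":
                last_launch = ev  # remember what Cscape was asked to open
            elif (_name(ev.get("ParentImage")) == "cscape.exe"
                  and _name(ev["Image"]) not in ALLOWED_CHILDREN):
                findings.append((ev["time"], "child_process", ev["CommandLine"]))
        elif ev["type"] == "app_crash" and _name(ev["Application"]) == "cscape.exe":
            recent = (last_launch is not None
                      and ev["time"] - last_launch["time"] <= CRASH_WINDOW)
            detail = last_launch["CommandLine"] if recent else "no recent launch seen"
            findings.append((ev["time"], "crash_after_open" if recent else "crash", detail))
    return findings

def _ev(kind, ts, **fields):
    return {"type": kind, "time": datetime.fromisoformat(ts), **fields}

# Constructed sample events (paths, users and file names are made up).
EXPLORER = r"C:\Windows\explorer.exe"
CSCAPE = r"C:\Example\Cscape\Cscape.exe"
SAMPLE_EVENTS = [
    _ev("process_create", "2021-02-10T09:00:00", Image=CSCAPE, ParentImage=EXPLORER,
        CommandLine=r'Cscape.exe "C:\Users\op1\Downloads\received_project"'),
    _ev("app_crash", "2021-02-10T09:00:20", Application="Cscape.exe"),
    _ev("process_create", "2021-02-10T10:15:00", Image=CSCAPE, ParentImage=EXPLORER,
        CommandLine="Cscape.exe"),
    _ev("process_create", "2021-02-10T10:15:30", Image=r"C:\Windows\System32\cmd.exe",
        ParentImage=CSCAPE, CommandLine="cmd.exe"),
    _ev("app_crash", "2021-02-10T14:00:00", Application="Cscape.exe"),
    _ev("process_create", "2021-02-10T14:05:00", Image=r"C:\Windows\notepad.exe",
        ParentImage=EXPLORER, CommandLine="notepad.exe"),
]

if __name__ == "__main__":
    for when, rule, detail in triage(SAMPLE_EVENTS):
        print(when.isoformat(), rule, detail)
```

A `crash_after_open` finding carries the command line of the preceding launch, which points the analyst at the project file to quarantine and inspect.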
