CVE-2021-22752

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code or cause data loss by exploiting an out-of-bounds write flaw in Schneider Electric's IGSS Definition software. Attackers can achieve this by tricking users into opening malicious workspace files. Organizations using IGSS Definition versions up to V15.0.0.21140 are affected.

💻 Affected Systems

Products:
  • Schneider Electric IGSS Definition (Def.exe)
Versions: V15.0.0.21140 and prior versions
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when parsing malicious WSP files; requires user interaction to open files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with SYSTEM/administrator privileges leading to complete system compromise, data exfiltration, or ransomware deployment.

🟠 Likely Case

Local privilege escalation or denial of service through application crashes when users open malicious WSP files.

🟢 If Mitigated

Limited impact with proper network segmentation, application whitelisting, and user training preventing malicious file execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious files; no public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V15.0.0.21141 or later

Vendor Advisory: http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01

Restart Required: Yes

Instructions:

1. Download updated version from Schneider Electric portal.
2. Backup current configuration.
3. Install update following vendor instructions.
4. Restart system.
5. Verify version is V15.0.0.21141 or later.

🔧 Temporary Workarounds

Restrict WSP file execution (Windows)

Block execution of WSP files via application control policies: use Group Policy or endpoint protection to block *.wsp file execution.

User training and awareness (all platforms)

Train users to avoid opening untrusted WSP files.

🧯 If You Can't Patch

  • Implement network segmentation to isolate IGSS systems from critical networks
  • Deploy application whitelisting to prevent unauthorized WSP file execution

🔍 How to Verify

Check if Vulnerable:

Check IGSS Definition version via Help > About menu or examine file properties of Def.exe

Check Version:

wmic datafile where name="C:\\Program Files\\IGSS\\Def.exe" get version

Verify Fix Applied:

Verify version is V15.0.0.21141 or later in Help > About menu
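
The same check as a script, for hosts where wmic is unavailable (it is deprecated on current Windows builds). This is an added example, not vendor tooling; it assumes the install path from the wmic command above and that the Def.exe file version corresponds to the advisory's version numbers.

```powershell
# Added example: compare the installed Def.exe file version with the fixed release.
# Assumption: default path taken from the wmic command on this page; adjust as needed.
param(
    [string]$Path = 'C:\Program Files\IGSS\Def.exe',
    [version]$FixedVersion = '15.0.0.21141'   # patch version stated on this page
)

function Get-IgssDefStatus {
    param([string]$Path, [version]$FixedVersion)

    # Report a missing binary explicitly instead of failing with an error.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Version = $null; Status = 'NotFound' }
    }

    $info = (Get-Item -LiteralPath $Path).VersionInfo

    # Build the version from its numeric parts. The FileVersion string can
    # contain commas, spaces or suffixes that [version] cannot parse.
    $installed = [version]::new(
        $info.FileMajorPart, $info.FileMinorPart,
        $info.FileBuildPart, $info.FilePrivatePart)

    # [version] compares field by field, so 15.0.0.21140 < 15.0.0.21141.
    $status = if ($installed -ge $FixedVersion) { 'Patched' } else { 'Vulnerable' }

    [pscustomobject]@{ Path = $Path; Version = $installed; Status = $status }
}

$result = Get-IgssDefStatus -Path $Path -FixedVersion $FixedVersion
$result | Format-List

# Exit codes for use in inventory or compliance jobs:
# 0 = patched, 1 = vulnerable, 2 = Def.exe not found at the given path.
switch ($result.Status) {
    'Vulnerable' { exit 1 }
    'NotFound'   { exit 2 }
    default      { exit 0 }
}
```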

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of Def.exe
  • Unusual process creation from Def.exe
  • Failed file parsing attempts

Network Indicators:

  • Unusual outbound connections from IGSS systems
  • File transfers to/from IGSS workstations

SIEM Query:

source="windows" AND process="Def.exe" AND (event_id=1000 OR event_id=1001)
