CVE-2021-22704

9.1CRITICAL

Key Information:

Vendor: Schneider Electric
Status: Harmony/hmi Products Configured By Vijeo Designer (all Versions Prior To V6.2 Sp11 ), Vijeo Designer Basic (all Versions Prior To V1.2), Or Ecostruxure Machine Expert (all Versions Prior To V2.0)
Vendor: CVE Published:; 2 September 2021

Summary

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.

Affected Version(s)

Harmony/HMI Products Configured by Vijeo Designer (all prior to V6.2 SP11 ), Vijeo Designer Basic (all prior to V1.2), or EcoStruxure Machine Expert (all prior to V2.0) Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0)

References

http://download.schneider-electric.com/files?p_Doc_Ref=SE...

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 2, 2021
Vulnerability Reserved
Jan 6, 2021

Collectors

NVD DatabaseMitre Database