Improper Memory Buffer Management in Schneider Electric's Vijeo Designer and EcoStruxure Machine Expert
CVE-2021-22705

7.8HIGH

Key Information:

Vendor

Schneider Electric
Status
Harmony Hmi Products Configured By Vijeo Designer (all Versions Prior To V6.2 Sp11 ) Or Ecostruxure Machine Expert (all Versions Prior To V2.0)
Vendor
CVE Published:
26 May 2021

What is CVE-2021-22705?

This vulnerability arises from improper management of memory buffers in Schneider Electric's Vijeo Designer and EcoStruxure Machine Expert software. An attacker could exploit this flaw to disrupt normal operations, potentially leading to unintended denial of service or unauthorized access to sensitive system information. Users interacting directly with the driver associated with these products may be the most affected, emphasizing the importance of regular software updates and security best practices to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Harmony HMI Products Configured by Vijeo Designer (all prior to V6.2 SP11 ) or EcoStruxure Machine Expert (all prior to V2.0) Harmony HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ) or EcoStruxure Machine Expert (all versions prior to V2.0)

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.