Improper Memory Buffer Management in Schneider Electric's Vijeo Designer and EcoStruxure Machine Expert
CVE-2021-22705

7.8 HIGH

Summary

This vulnerability arises from improper management of memory buffers in Schneider Electric's Vijeo Designer and EcoStruxure Machine Expert software. An attacker could exploit this flaw to disrupt normal operations, potentially causing a denial of service or gaining unauthorized access to sensitive system information. Users who interact directly with the driver associated with these products may be the most affected, which underlines the importance of regular software updates and security best practices to mitigate risk.

Affected Version(s)

Harmony HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11) or EcoStruxure Machine Expert (all versions prior to V2.0)

References

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
