CVE-2021-22705

7.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Harmony Hmi Products Configured By Vijeo Designer (all Versions Prior To V6.2 Sp11 ) Or Ecostruxure Machine Expert (all Versions Prior To V2.0)
Vendor: CVE Published:; 26 May 2021

Summary

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert

Affected Version(s)

Harmony HMI Products Configured by Vijeo Designer (all prior to V6.2 SP11 ) or EcoStruxure Machine Expert (all prior to V2.0) Harmony HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ) or EcoStruxure Machine Expert (all versions prior to V2.0)

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 26, 2021
Vulnerability Reserved
Jan 6, 2021

Collectors

NVD DatabaseMitre Database