CVE-2021-22817

7.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Harmony/magelis Ipc Series (all Versions), Vijeo Designer (all Versions Prior To V6.2 Sp11 Multiple Hotfix 4), Vijeo Designer Basic (all Versions Prior To V1.2.1)
Vendor: CVE Published:; 9 February 2022

Summary

A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1)

Affected Version(s)

Harmony/Magelis iPC Series (All ), Vijeo Designer (All prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All prior to V1.2.1) Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1)

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 9, 2022
Vulnerability Reserved
Jan 6, 2021

Collectors

NVD DatabaseMitre Database