Incorrect Default Permissions in Harmony and Vijeo Designer by Schneider Electric
CVE-2021-22817

7.8HIGH

Key Information:

Vendor

Schneider Electric
Status
Harmony/magelis Ipc Series (all Versions), Vijeo Designer (all Versions Prior To V6.2 Sp11 Multiple Hotfix 4), Vijeo Designer Basic (all Versions Prior To V1.2.1)
Vendor
CVE Published:
9 February 2022

What is CVE-2021-22817?

A vulnerability exists in Schneider Electric's Harmony and Vijeo Designer products due to incorrect default permissions. This misconfiguration can lead to unauthorized access to the base installation directory, potentially allowing an attacker to perform local privilege escalation. Affected products include all versions of Harmony/Magelis iPC Series and earlier versions of Vijeo Designer and Vijeo Designer Basic. Users are advised to review their system configurations and apply necessary updates to mitigate the risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Harmony/Magelis iPC Series (All ), Vijeo Designer (All prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All prior to V1.2.1) Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1)

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.