CyberSec.Space Logo
Back to CVE Browser

CVE-2021-22704

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.1360%
EPSS Percentile13.70th
PublishedSep 2, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.

Affected Platforms (CPE)

πŸ“¦
Schneider Electric

Vijeo Designer

< 6.2.11
πŸ“¦
Schneider Electric

Vijeo Designer

< 1.2
πŸ“¦
Schneider Electric

Ecostruxure Machine Expert

< 2.0
πŸ“¦
Schneider Electric

Ecostruxure Machine Expert

= 2.0

References & Advisories

πŸ”— http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01
πŸ”— http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01

Related Vulnerabilities

CVE-2020-75018.8

A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designe...

CVE-2020-74907.8

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 ...

CVE-2021-228177.8

A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation direct...

CVE-2021-227057.8

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or...