CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-22704

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.1360%
EPSS Percentile13.70th
Published2021年9月2日
Last Modified2024年11月21日

Vulnerability Description

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.

Affected Platforms (CPE)

📦
Schneider Electric

Vijeo Designer

< 6.2.11
📦
Schneider Electric

Vijeo Designer

< 1.2
📦
Schneider Electric

Ecostruxure Machine Expert

< 2.0
📦
Schneider Electric

Ecostruxure Machine Expert

= 2.0

References & Advisories

🔗 http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01
🔗 http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01

相關漏洞威脅

CVE-2020-75018.8

A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designe...

CVE-2020-74907.8

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 ...

CVE-2021-228177.8

A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation direct...

CVE-2021-227057.8

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or...