CVE-2021-22704
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability: 3.9 / Impact: 5.2
Source: NVD
Description
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.
Affected (4)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 6.2.11 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Harmony Gk | All versions |
| Schneider Electric Harmony Gto | All versions |
| Schneider Electric Harmony Gtu | All versions |
| Schneider Electric Harmony Gtux | All versions |
| Schneider Electric Harmony Sto | All versions |
| Schneider Electric Harmony Stu | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 1.2 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Harmony Gxu | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 2.0 |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Harmony Scu | All versions |
References (2)
Source: cybersecurity@se.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory