CVE-2021-22817

Published: Feb 9, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1)

Affected (49)

Products: Schneider Electric: Hmibmuhi29d2801 Firmware, Hmibmusi29d2801 Firmware, Hmibmuci29d2w01 Firmware, Hmibmu0i29d2001 Firmware, Hmibmu0i29d200a Firmware, Hmibmuhi29d4801 Firmware, Hmibmusi29d4801 Firmware, Hmibmuci29d4w01 Firmware, Hmibmu0i29d4001 Firmware, Hmibmu0i29d400a Firmware, Hmibmu0i29di00a Firmware, Hmibmu0i29de00a Firmware, Hmibmphi74d2801 Firmware, Hmibmpsi74d2801 Firmware, Hmibmp0i74d2001 Firmware, Hmibmp0i74d200a Firmware, Hmibmphi74d4801 Firmware, Hmibmpsi74d4801 Firmware, Hmibmp0i74d4001 Firmware, Hmibmp0i74d400a Firmware, Hmibmp0i74di00a Firmware, Hmibmp0i74de00a Firmware, Hmibscea53d1l01 Firmware, Hmibmoma5ddf10l Firmware, Hmibmoma5dd1e01 Firmware, Hmibmoma5dd1101 Firmware, Hmibmo0a5ddf10a Firmware, Hmibmo0a5ddf101 Firmware, Hmibmo0a5dd1001 Firmware, Hmibmiea5dd1e01 Firmware, Hmibmiea5dd110l Firmware, Hmibmiea5dd1101 Firmware, Hmibmiea5dd100a Firmware, Hmibmiea5dd1001 Firmware, Hmibscea53d1l0t Firmware, Hmibscea53d1l0a Firmware, Vijeo Designer

Schneider Electric

37 products

Hmibmuhi29d2801 Firmware

Hmibmusi29d2801 Firmware

Hmibmuci29d2w01 Firmware

Hmibmu0i29d2001 Firmware

Hmibmu0i29d200a Firmware

Hmibmuhi29d4801 Firmware

Hmibmusi29d4801 Firmware

Hmibmuci29d4w01 Firmware

Hmibmu0i29d4001 Firmware

Hmibmu0i29d400a Firmware

Hmibmu0i29di00a Firmware

Hmibmu0i29de00a Firmware

Hmibmphi74d2801 Firmware

Hmibmpsi74d2801 Firmware

Hmibmp0i74d2001 Firmware

Hmibmp0i74d200a Firmware

Hmibmphi74d4801 Firmware

Hmibmpsi74d4801 Firmware

Hmibmp0i74d4001 Firmware

Hmibmp0i74d400a Firmware

Hmibmp0i74di00a Firmware

Hmibmp0i74de00a Firmware

Hmibscea53d1l01 Firmware

Hmibmoma5ddf10l Firmware

Hmibmoma5dd1e01 Firmware

Hmibmoma5dd1101 Firmware

Hmibmo0a5ddf10a Firmware

Hmibmo0a5ddf101 Firmware

Hmibmo0a5dd1001 Firmware

Hmibmiea5dd1e01 Firmware

Hmibmiea5dd110l Firmware

Hmibmiea5dd1101 Firmware

Hmibmiea5dd100a Firmware

Hmibmiea5dd1001 Firmware

Hmibscea53d1l0t Firmware

Hmibscea53d1l0a Firmware

Vijeo Designer

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmuhi29d2801 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmuhi29d2801	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmusi29d2801 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmusi29d2801	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmuci29d2w01 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmuci29d2w01	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmu0i29d2001 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmu0i29d2001	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmu0i29d200a Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmu0i29d200a	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmuhi29d4801 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmuhi29d4801	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmusi29d4801 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmusi29d4801	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmuci29d4w01 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmuci29d4w01	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmu0i29d4001 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmu0i29d4001	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmu0i29d400a Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmu0i29d400a	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmu0i29di00a Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmu0i29di00a	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmu0i29de00a Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmu0i29de00a	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmphi74d2801 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmphi74d2801	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmpsi74d2801 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmpsi74d2801	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmp0i74d2001 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmp0i74d2001	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmp0i74d200a Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmp0i74d200a	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmphi74d4801 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmphi74d4801	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmpsi74d4801 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmpsi74d4801	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmp0i74d4001 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmp0i74d4001	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmp0i74d400a Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmp0i74d400a	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmp0i74di00a Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmp0i74di00a	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmp0i74de00a Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmp0i74de00a	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibscea53d1l01 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibscea53d1l01	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmoma5ddf10l Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmoma5ddf10l	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmoma5dd1e01 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmoma5dd1e01	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmoma5dd1101 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmoma5dd1101	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmo0a5ddf10a Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmo0a5ddf10a	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmo0a5ddf101 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmo0a5ddf101	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmo0a5dd1001 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmo0a5dd1001	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmiea5dd1e01 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmiea5dd1e01	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmiea5dd110l Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmiea5dd110l	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmiea5dd1101 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmiea5dd1101	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmiea5dd100a Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmiea5dd100a	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibmiea5dd1001 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibmiea5dd1001	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibscea53d1l0t Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibscea53d1l0t	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibscea53d1l0a Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Hmibscea53d1l0a	All versions

Configuration K

13 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Vijeo Designer	Before 6.2
Schneider Electric Vijeo Designer	Before 1.2.1
Schneider Electric Vijeo Designer	Version 6.2
Schneider Electric Vijeo Designer	Version 6.2 sp10
Schneider Electric Vijeo Designer	Version 6.2 sp11
Schneider Electric Vijeo Designer	Version 6.2 sp1
Schneider Electric Vijeo Designer	Version 6.2 sp2
Schneider Electric Vijeo Designer	Version 6.2 sp3.1
Schneider Electric Vijeo Designer	Version 6.2 sp5.1
Schneider Electric Vijeo Designer	Version 6.2 sp6
Schneider Electric Vijeo Designer	Version 6.2 sp7
Schneider Electric Vijeo Designer	Version 6.2 sp8
Schneider Electric Vijeo Designer	Version 6.2 sp9

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-06

Source: cybersecurity@se.com

Vendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-06

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.