Vulnerabilities > CVE-2021-22704 - Unspecified vulnerability in Schneider-Electric Ecostruxure Machine Expert and Vijeo Designer

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

schneider-electric

critical

NVD

Published: 2021-09-02

Updated: 2024-11-21

Summary

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Vijeo Designer - Schneider Electric Vijeo Designer 1.0 Schneider Electric Vijeo Designer 1.1 Schneider Electric Vijeo Designer 1.2.1 Schneider Electric Vijeo Designer 6.2 Schneider Electric Vijeo Designer 6.2.10 Schneider Electric Ecostruxure Machine Expert - Schneider Electric Ecostruxure Machine Expert 2.0	22
Hardware	Schneider-Electric Schneider Electric Harmony GK - Schneider Electric Harmony GTO - Schneider Electric Harmony GTU - Schneider Electric Harmony Gtux - Schneider Electric Harmony STO - Schneider Electric Harmony STU - Schneider Electric Harmony GXU - Schneider Electric Harmony SCU -	8

Summary

Vulnerable Configurations

References