Lucene search

[email protected]CVE-2021-22704

HistorySep 02, 2021 - 5:15 p.m.

CVE-2021-22704

2021-09-0217:15:08

CWE-22

[email protected]

web.nvd.nist.gov

cve-2021-22704

cwe-22

harmony

hmi

vijeo designer

ecostruxure

ftp

denial of service

unauthorized access

security vulnerability

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

8.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.4%

JSON

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.

Affected configurations

NVD

Node

schneider-electricvijeo_designerRange<6.2.11

AND

schneider-electricharmony_gkMatch-

schneider-electricharmony_gtoMatch-

schneider-electricharmony_gtuMatch-

schneider-electricharmony_gtuxMatch-

schneider-electricharmony_stoMatch-

schneider-electricharmony_stuMatch-

Node

schneider-electricvijeo_designerRange<1.2basic

AND

schneider-electricharmony_gxuMatch-

Node

schneider-electricecostruxure_machine_expertRange<2.0

schneider-electricecostruxure_machine_expertMatch2.0

AND

schneider-electricharmony_scuMatch-

CPENameOperatorVersion
schneider-electric:vijeo_designerschneider-electric vijeo designerlt6.2.11

CPE	Name	Operator	Version
schneider-electric:vijeo_designer	schneider-electric vijeo designer	lt	6.2.11

CNA Affected

[
  {
    "product": "Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0)"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

8.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.4%

JSON

Related for CVE-2021-22704

cvelist1 nvd1 prion1