CVE-2021-22817

2022-02-0922:05:12

CWE-276

schneider

www.cve.org

cwe-276

unauthorized access

local privilege escalation

affected product

harmony/magelis ipc series

vijeo designer

AI Score

7.7

Confidence

High

EPSS

Percentile

14.1%

JSON

A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1)

CNA Affected

[
  {
    "product": "Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1)"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-06