CVE-2021-22817

A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series All Versions, Vijeo Designer All Versions prior to V6.2 SP11 Multiple HotFix 4,...

CVE-2021-22817

CVE-2021-22817 affects Schneider Electric Harmony/Magelis iPC Series, Vijeo Designer (pre V6.2 SP11 HotFix 4), and Vijeo Designer Basic (pre V1.2.1). The root cause is a CWE-276 Incorrect Default Permissions that can allow unauthorized access to the base installation directory, enabling local pri...

Schneider Electric 多款产品安全漏洞

Schneider Electric Vijeo Designer Basic and Schneider Electric Vijeo Designer are both a suite of programming and design software for HMIs Human Machine Interfaces from Schneider Electric, France. A security vulnerability exists in a number of Schneider Electric products, which can be exploited b...

多款 Schneider Electric 产品路径遍历漏洞

Schneider Electric EcoStruxure Machine Expert-Basic and others are products of Schneider Electric, France.Schneider Electric EcoStruxure Machine Expert-Basic is a PLC configuration application. Schneider Electric EcoStruxure Machine Expert-Basic is a PLC configuration application program.Schneide...

CVE-2020-7501

CVE-2020-7501 affects Schneider Electric’s Vijeo Designer Basic (V1.1 HotFix 16 and earlier) and Vijeo Designer (V6.2 SP9 and earlier). The vulnerability is a CWE-798 hard-coded credentials issue that could enable unauthorized read and write during project or firmware download/upload operations i...

CVE-2020-7490

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic V1.1 HotFix 15 and prior and Vijeo Designer V6.9 SP9 and prior, which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product...