CVE-2021-22704
Summary
| CVE | CVE-2021-22704 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-09-02 17:15:00 UTC |
| Updated | 2021-09-20 12:06:00 UTC |
| Description | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Schneider-electric | Ecostruxure Machine Expert | All | All | All | All |
| Application | Schneider-electric | Ecostruxure Machine Expert | 2.0 | All | All | All |
| Hardware | Schneider-electric | Harmony Gk | - | All | All | All |
| Hardware | Schneider-electric | Harmony Gto | - | All | All | All |
| Hardware | Schneider-electric | Harmony Gtu | - | All | All | All |
| Hardware | Schneider-electric | Harmony Gtux | - | All | All | All |
| Hardware | Schneider-electric | Harmony Gxu | - | All | All | All |
| Hardware | Schneider-electric | Harmony Scu | - | All | All | All |
| Hardware | Schneider-electric | Harmony Sto | - | All | All | All |
| Hardware | Schneider-electric | Harmony Stu | - | All | All | All |
| Application | Schneider-electric | Vijeo Designer | All | All | All | All |
| Application | Schneider-electric | Vijeo Designer | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| download.schneider-electric.com/files | MISC | download.schneider-electric.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 590814 Schneider Electric Harmony/Magelis HMI Products configured by Vijeo Designer, Vijeo Designer Basic and EcoStruxure Machine Expert Vulnerability (SEVD-2020-222-01)