CVE-2021-22704
Severity Score
9.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.
Una CWE-22: Una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido se presenta en los productos Harmony/HMI Configurados por Vijeo Designer (todas las versiones anteriores a V6.2 SP11 ), Vijeo Designer Basic (todas las versiones anteriores a V1.2) o EcoStruxure Machine Expert (todas las versiones anteriores a V2.0) que podría causar una denegación de servicio o un acceso no autorizado a la información del sistema cuando se conecta al Harmony HMI a través de FTP
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-06 CVE Reserved
- 2021-09-02 CVE Published
- 2024-05-18 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01 | 2021-09-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | Vijeo Designer Search vendor "Schneider-electric" for product "Vijeo Designer" | < 6.2.11 Search vendor "Schneider-electric" for product "Vijeo Designer" and version " < 6.2.11" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Harmony Gk Search vendor "Schneider-electric" for product "Harmony Gk" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Vijeo Designer Search vendor "Schneider-electric" for product "Vijeo Designer" | < 6.2.11 Search vendor "Schneider-electric" for product "Vijeo Designer" and version " < 6.2.11" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Harmony Gto Search vendor "Schneider-electric" for product "Harmony Gto" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Vijeo Designer Search vendor "Schneider-electric" for product "Vijeo Designer" | < 6.2.11 Search vendor "Schneider-electric" for product "Vijeo Designer" and version " < 6.2.11" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Harmony Gtu Search vendor "Schneider-electric" for product "Harmony Gtu" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Vijeo Designer Search vendor "Schneider-electric" for product "Vijeo Designer" | < 6.2.11 Search vendor "Schneider-electric" for product "Vijeo Designer" and version " < 6.2.11" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Harmony Gtux Search vendor "Schneider-electric" for product "Harmony Gtux" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Vijeo Designer Search vendor "Schneider-electric" for product "Vijeo Designer" | < 6.2.11 Search vendor "Schneider-electric" for product "Vijeo Designer" and version " < 6.2.11" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Harmony Sto Search vendor "Schneider-electric" for product "Harmony Sto" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Vijeo Designer Search vendor "Schneider-electric" for product "Vijeo Designer" | < 6.2.11 Search vendor "Schneider-electric" for product "Vijeo Designer" and version " < 6.2.11" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Harmony Stu Search vendor "Schneider-electric" for product "Harmony Stu" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Vijeo Designer Search vendor "Schneider-electric" for product "Vijeo Designer" | < 1.2 Search vendor "Schneider-electric" for product "Vijeo Designer" and version " < 1.2" | basic |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Harmony Gxu Search vendor "Schneider-electric" for product "Harmony Gxu" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Ecostruxure Machine Expert Search vendor "Schneider-electric" for product "Ecostruxure Machine Expert" | < 2.0 Search vendor "Schneider-electric" for product "Ecostruxure Machine Expert" and version " < 2.0" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Harmony Scu Search vendor "Schneider-electric" for product "Harmony Scu" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Ecostruxure Machine Expert Search vendor "Schneider-electric" for product "Ecostruxure Machine Expert" | 2.0 Search vendor "Schneider-electric" for product "Ecostruxure Machine Expert" and version "2.0" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Harmony Scu Search vendor "Schneider-electric" for product "Harmony Scu" | - | - |
Safe
|