CRITICAL🇵🇱 Wersja polska

CVE-2021-22704

CVSS 9.1v3.1pub. 2021-09-02upd. 2024-11-21

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  • Schneider Electric Ecostruxure Machine Expert

    APP
    Schneider-Electric
    2.0< 2.0
  • Schneider Electric Harmony Gk

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Harmony Gto

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Harmony Gtu

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Harmony Gtux

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Harmony Gxu

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Harmony Scu

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Harmony Sto

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Harmony Stu

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Vijeo Designer

    APP
    Schneider-Electric
    < 1.2< 6.2.11
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoSPath Traversal
CWE
References

Related vulnerabilities

CVE-2020-7489CRITICAL9.8ten sam produkt

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') v...

CVE-2020-7487CRITICAL9.8ten sam produkt

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker ...

CVE-2024-8306HIGH7.8ten sam produkt

CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of conf...

CVE-2021-22817HIGH7.8ten sam produkt

A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base...

CVE-2021-22705HIGH7.8ten sam produkt

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause ...