Vulnerability Details CVE-2021-22704
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.3%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
Products affected by CVE-2021-22704
-
cpe:2.3:a:schneider-electric:ecostruxure_machine_expert:-
-
cpe:2.3:a:schneider-electric:ecostruxure_machine_expert:2.0
-
cpe:2.3:a:schneider-electric:vijeo_designer:-
-
cpe:2.3:a:schneider-electric:vijeo_designer:1.0
-
cpe:2.3:a:schneider-electric:vijeo_designer:1.1
-
cpe:2.3:a:schneider-electric:vijeo_designer:1.2.1
-
cpe:2.3:a:schneider-electric:vijeo_designer:6.2
-
cpe:2.3:a:schneider-electric:vijeo_designer:6.2.10
-
cpe:2.3:h:schneider-electric:harmony_gk:-
-
cpe:2.3:h:schneider-electric:harmony_gto:-
-
cpe:2.3:h:schneider-electric:harmony_gtu:-
-
cpe:2.3:h:schneider-electric:harmony_gtux:-
-
cpe:2.3:h:schneider-electric:harmony_gxu:-
-
cpe:2.3:h:schneider-electric:harmony_scu:-
-
cpe:2.3:h:schneider-electric:harmony_sto:-
-
cpe:2.3:h:schneider-electric:harmony_stu:-