PT-2021-15177 · Schneider Electric · Harmony/Hmi Products Configured By Vijeo Designer+2
Published
2021-09-02
·
Updated
2021-09-20
·
CVE-2021-22704
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Harmony/HMI Products Configured by Vijeo Designer versions prior to V6.2 SP11
Vijeo Designer Basic versions prior to V1.2
EcoStruxure Machine Expert versions prior to V2.0
Description
A path traversal issue exists that could lead to Denial of Service or unauthorized access to system information when connecting over FTP.
Recommendations
For Harmony/HMI Products Configured by Vijeo Designer versions prior to V6.2 SP11, update to V6.2 SP11 or later.
For Vijeo Designer Basic versions prior to V1.2, update to V1.2 or later.
For EcoStruxure Machine Expert versions prior to V2.0, update to V2.0 or later.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ecostruxure Machine Expert
Harmony/Hmi Products Configured By Vijeo Designer
Vijeo Designer Basic