PT-2022-9287 · Schneider Electric · Harmony/Magelis Ipc Series+2

Published

2022-02-09

Updated

2022-02-16

CVE-2021-22817

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Harmony/Magelis iPC Series (All Versions) Vijeo Designer versions prior to V6.2 SP11 Multiple HotFix 4 Vijeo Designer Basic versions prior to V1.2.1

Description A vulnerability exists that could cause unauthorized access to the base installation directory, leading to local privilege escalation. This issue is related to incorrect default permissions.

Recommendations For Harmony/Magelis iPC Series, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Vijeo Designer, update to version V6.2 SP11 Multiple HotFix 4 or later. For Vijeo Designer Basic, update to version V1.2.1 or later.

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2021-22817

Affected Products

Harmony/Magelis Ipc Series

Vijeo Designer

Vijeo Designer Basic

PT-2022-9287 · Schneider Electric · Harmony/Magelis Ipc Series+2

CVE-2021-22817

Weakness Enumeration

Related Identifiers

Affected Products

References · 4