Vulnerabilites related to schneider-electric - harmony_gxu
Vulnerability from fkie_nvd
Published
2021-09-02 17:15
Modified
2024-11-21 05:50
Severity ?
Summary
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:vijeo_designer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5F2F861-8F3B-40B0-9CC4-DB9776052C7A",
"versionEndExcluding": "6.2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:harmony_gk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDBAEC72-A63C-464D-8E62-C42959D4A871",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:harmony_gto:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DDF1060-1FF5-41D5-A8ED-129492CC50A4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:harmony_gtu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCFA535-319D-4AB7-AB6C-B4BB0739B7F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:harmony_gtux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEA285A2-8EA7-473D-87A5-62E970BD25C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:harmony_sto:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68382B8C-4FB2-49AC-8CAE-2251400BE342",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:schneider-electric:harmony_stu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2002BD-8A77-414F-A530-A7D9350143F5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:vijeo_designer:*:*:*:*:basic:*:*:*",
"matchCriteriaId": "B69EE5F8-4732-4019-BEE4-D80CFCD31FF7",
"versionEndExcluding": "1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:harmony_gxu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED64924A-493F-48DB-B547-0D2FF7C3C9FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_machine_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4DB52BF-192B-4167-872E-AAEC81ACAE7F",
"versionEndExcluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_machine_expert:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25030153-0F86-4598-984C-897A7BB33B48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:harmony_scu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE5BC10-3788-4CC2-BEC9-F07350793F3E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP."
},
{
"lang": "es",
"value": "Una CWE-22: Una vulnerabilidad de Limitaci\u00f3n Inapropiada de un Nombre de Ruta a un Directorio Restringido se presenta en los productos Harmony/HMI Configurados por Vijeo Designer (todas las versiones anteriores a V6.2 SP11 ), Vijeo Designer Basic (todas las versiones anteriores a V1.2) o EcoStruxure Machine Expert (todas las versiones anteriores a V2.0) que podr\u00eda causar una denegaci\u00f3n de servicio o un acceso no autorizado a la informaci\u00f3n del sistema cuando se conecta al Harmony HMI a trav\u00e9s de FTP"
}
],
"id": "CVE-2021-22704",
"lastModified": "2024-11-21T05:50:29.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-02T17:15:08.060",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "cybersecurity@se.com",
"type": "Primary"
}
]
}
cve-2021-22704
Vulnerability from cvelistv5
Published
2021-09-02 16:53
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.
References
| ▼ | URL | Tags |
|---|---|---|
| http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) |
Version: Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-02T16:53:31",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0)",
"version": {
"version_data": [
{
"version_value": "Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01",
"refsource": "MISC",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22704",
"datePublished": "2021-09-02T16:53:31",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}