ID

VAR-202109-0202


CVE

CVE-2021-22704


TITLE

Multiple Schneider Electric Product Path Traversal Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202109-124

DESCRIPTION

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.

Trust: 0.99

sources: NVD: CVE-2021-22704 // VULMON: CVE-2021-22704

AFFECTED PRODUCTS

vendor: schneider electric, model: vijeo designer, scope: lt, version: 1.2

Trust: 1.0

vendor: schneider electric, model: ecostruxure machine expert, scope: lt, version: 2.0

Trust: 1.0

vendor: schneider electric, model: ecostruxure machine expert, scope: eq, version: 2.0

Trust: 1.0

vendor: schneider electric, model: vijeo designer, scope: lt, version: 6.2.11

Trust: 1.0

sources: NVD: CVE-2021-22704

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-22704
value: CRITICAL

Trust: 1.0

VULMON: CVE-2021-22704
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-22704
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2021-22704
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2021-22704 // NVD: CVE-2021-22704

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.0

sources: NVD: CVE-2021-22704

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202109-124

CONFIGURATIONS

sources: NVD: CVE-2021-22704

PATCH

title: Multiple Schneider Electric Product path traversal vulnerability fixes
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=161390

Trust: 0.6

sources: CNNVD: CNNVD-202109-124

EXTERNAL IDS

db: SCHNEIDER, id: SEVD-2021-222-01

Trust: 1.7

db: NVD, id: CVE-2021-22704

Trust: 1.7

db: CNNVD, id: CNNVD-202109-124

Trust: 0.6

db: VULMON, id: CVE-2021-22704

Trust: 0.1

sources: VULMON: CVE-2021-22704 // CNNVD: CNNVD-202109-124 // NVD: CVE-2021-22704

REFERENCES

url: http://download.schneider-electric.com/files?p_doc_ref=sevd-2021-222-01

Trust: 1.7

url: https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-22704 // CNNVD: CNNVD-202109-124 // NVD: CVE-2021-22704

SOURCES

db: VULMON, id: CVE-2021-22704
db: CNNVD, id: CNNVD-202109-124
db: NVD, id: CVE-2021-22704

LAST UPDATE DATE

2022-05-04T08:52:01.490000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-22704, date: 2021-09-20T00:00:00
db: CNNVD, id: CNNVD-202109-124, date: 2021-09-03T00:00:00
db: NVD, id: CVE-2021-22704, date: 2021-09-20T12:06:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-22704, date: 2021-09-02T00:00:00
db: CNNVD, id: CNNVD-202109-124, date: 2021-09-02T00:00:00
db: NVD, id: CVE-2021-22704, date: 2021-09-02T17:15:00