CVE-2021-22704

CRITICAL

Vijeo Designer < 6.2.11, Vijeo Designer Basic < 1.2 and EcoStruxure Machine Expert < 2.0 - Path Traversal via FTP Connection

Description

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.

Scores

CVSS v3 9.1
EPSS 0.0060
EPSS Percentile 69.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Details

CWE
CWE-22
Status published
Products (4)
schneider-electric/ecostruxure_machine_expert 2.0
schneider-electric/ecostruxure_machine_expert < 2.0
schneider-electric/vijeo_designer < 1.2
schneider-electric/vijeo_designer < 6.2.11
Published Sep 02, 2021
Tracked Since Feb 18, 2026