CVE-2021-22817
moderate-risk
Published 2022-02-09
A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1).
Do I need to act?
EPSS score: 0.04% chance of exploitation (low exploit probability)
Not on CISA KEV list: No confirmed active exploitation reported to CISA
Patch status unknown: Check vendor advisories for fix availability and mitigation guidance
CVSS 7.8/10 (High): LOCAL / LOW complexity
Affected Products (20)
Hmibmuhi29D2801 Firmware
Hmibmusi29D2801 Firmware
Hmibmuci29D2W01 Firmware
Hmibmu0I29D2001 Firmware
Hmibmu0I29D200A Firmware
Hmibmuhi29D4801 Firmware
Hmibmusi29D4801 Firmware
Hmibmuci29D4W01 Firmware
Hmibmu0I29D4001 Firmware
Hmibmu0I29D400A Firmware
Hmibmu0I29Di00A Firmware
Hmibmu0I29De00A Firmware
Hmibmphi74D2801 Firmware
Hmibmpsi74D2801 Firmware
Hmibmp0I74D2001 Firmware
Hmibmp0I74D200A Firmware
Hmibmphi74D4801 Firmware
Hmibmpsi74D4801 Firmware
Hmibmp0I74D4001 Firmware
Hmibmp0I74D400A Firmware
Risk score: 49 / 100 (moderate-risk)
Severity: 24/34 · High
Exploitability: 0/34 · Minimal
Exposure: 25/34 · High