CVE-2021-22704

CVE-2021-22704

Vendor N/A
Product Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0)
Weakness CWE-22 · Path traversal
Published September 2, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.

Key dates

02Disclosure timeline

September 2, 2021 CVE published
August 3, 2024 Record updated