A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HSchneider Electric Ecostruxure Machine Expert
APPSchneider-Electric2.0< 2.0Schneider Electric Harmony Gk
HWSchneider-Electricwszystkie wersjeSchneider Electric Harmony Gto
HWSchneider-Electricwszystkie wersjeSchneider Electric Harmony Gtu
HWSchneider-Electricwszystkie wersjeSchneider Electric Harmony Gtux
HWSchneider-Electricwszystkie wersjeSchneider Electric Harmony Gxu
HWSchneider-Electricwszystkie wersjeSchneider Electric Harmony Scu
HWSchneider-Electricwszystkie wersjeSchneider Electric Harmony Sto
HWSchneider-Electricwszystkie wersjeSchneider Electric Harmony Stu
HWSchneider-Electricwszystkie wersjeSchneider Electric Vijeo Designer
APPSchneider-Electric< 1.2< 6.2.11
Related vulnerabilities
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') v...
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker ...
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of conf...
A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base...
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause ...