SEVD-2022-039-06

SEVD-2022-039-06 PUBLISHED CVSS 7.1 HIGH

Schneider Electric is aware of a vulnerability in Harmony/Magelis iPC Series HMI, Vijeo Designer and Vijeo Designer Basic. The Harmony/Magelis iPC Series HMI products are configured by Vijeo Designer software. Vijeo Designer and Vijeo Designer Basic are software solutions for developing, configuring, and commissioning an entire machine in a single software environment. Failure to apply the remediations provided below may risk unauthorized access to the base installation directory due to improper access control lists, which could result in local privilege escalation.

Risk Scores

CVSS v3.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric | Vijeo Designer Basic | Version 1.2.1 |
| Schneider Electric | Vijeo Designer Basic | All Versions prior to V1.2.1 |
| Schneider Electric | Harmony/Magelis iPC Series | Version V6.2 SP11 Multi HotFix 4 |
| Schneider Electric | Vijeo Designer | All Versions prior to V6.2 SP11 Multiple HotFix 4 |
| Schneider Electric | Vijeo Designer | Version V6.2 SP11 Multi HotFix 4 |
| Schneider Electric | Harmony/Magelis iPC Series | All Versions |

Timeline

  • Feb 8, 2022 CVE Published