Details of VAR-202202-0404

ID

VAR-202202-0404

CVE

CVE-2021-22817

TITLE

Schneider Electric Multiple product security vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-202202-891

DESCRIPTION

A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1)

Trust: 1.0

sources: NVD: CVE-2021-22817

AFFECTED PRODUCTS

vendor:	schneider electric	model:	hmibmp0i74di00a	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmoma5dd1e01	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmphi74d4801	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmp0i74de00a	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmu0i29d400a	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	vijeo designer	scope:	lt	version:	6.2	Trust: 1.0
vendor:	schneider electric	model:	hmibmo0a5ddf101	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibscea53d1l01	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmu0i29d4001	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmiea5dd1101	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmu0i29d200a	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmu0i29d2001	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmusi29d4801	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmp0i74d400a	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibscea53d1l0a	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmiea5dd110l	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmiea5dd1001	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmiea5dd100a	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmp0i74d2001	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmoma5ddf10l	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmphi74d2801	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmoma5dd1101	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	vijeo designer	scope:	eq	version:	6.2	Trust: 1.0
vendor:	schneider electric	model:	hmibmuci29d4w01	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmuhi29d2801	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmp0i74d4001	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibscea53d1l0t	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmo0a5ddf10a	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmpsi74d4801	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	vijeo designer	scope:	lt	version:	1.2.1	Trust: 1.0
vendor:	schneider electric	model:	hmibmo0a5dd1001	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmiea5dd1e01	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmu0i29de00a	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmu0i29di00a	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmp0i74d200a	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmuci29d2w01	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmusi29d2801	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmuhi29d4801	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	hmibmpsi74d2801	scope:	eq	version:	*	Trust: 1.0

sources: NVD: CVE-2021-22817

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-22817
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202202-891
value:	HIGH
Trust: 0.6

NVD:	CVE-2021-22817
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0

NVD:	CVE-2021-22817
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNNVD: CNNVD-202202-891 // NVD: CVE-2021-22817

PROBLEMTYPE DATA

problemtype:

CWE-276

Trust: 1.0

sources: NVD: CVE-2021-22817

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-891

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-891

CONFIGURATIONS

sources: NVD: CVE-2021-22817

PATCH

title:

Schneider Electric Various product security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=184122

Trust: 0.6

sources: CNNVD: CNNVD-202202-891

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22817	Trust: 1.6
db:	SCHNEIDER	id:	SEVD-2022-039-06	Trust: 1.6
db:	CNNVD	id:	CNNVD-202202-891	Trust: 0.6

sources: CNNVD: CNNVD-202202-891 // NVD: CVE-2021-22817

REFERENCES

url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-039-06	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22817	Trust: 0.6

sources: CNNVD: CNNVD-202202-891 // NVD: CVE-2021-22817

SOURCES

db:	CNNVD	id:	CNNVD-202202-891
db:	NVD	id:	CVE-2021-22817

LAST UPDATE DATE

2022-05-04T10:10:21.397000+00:00

SOURCES UPDATE DATE

db:	CNNVD	id:	CNNVD-202202-891	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2021-22817	date:	2022-02-16T16:57:00

SOURCES RELEASE DATE

db:	CNNVD	id:	CNNVD-202202-891	date:	2022-02-09T00:00:00
db:	NVD	id:	CVE-2021-22817	date:	2022-02-09T23:15:00