Path Traversal Vulnerability in Harmony/HMI Products Configured by Vijeo Designer, Vijeo Designer Basic, or EcoStruxure Machine Expert

Path Traversal Vulnerability in Harmony/HMI Products Configured by Vijeo Designer, Vijeo Designer Basic, or EcoStruxure Machine Expert

CVE-2021-22704 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.

Learn more about our Web Application Penetration Testing UK.