CVE-2021-22817


A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1)


Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.8. Exploitation requires local system access and only low-level privileges, has relatively low complexity, and needs no user interaction. The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Because it impacts 73 products from schneider-electric, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2022, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.


Published

2022-02-09T23:15:14.937

Last Modified

2024-11-21T05:50:43.910

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-276
  • Type: Primary
    CWE-276

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | schneider-electric | hmibmuhi29d2801_firmware | * | Yes |
| Hardware | schneider-electric | hmibmuhi29d2801 | - | No |
| Operating System | schneider-electric | hmibmusi29d2801_firmware | * | Yes |
| Hardware | schneider-electric | hmibmusi29d2801 | - | No |
| Operating System | schneider-electric | hmibmuci29d2w01_firmware | * | Yes |
| Hardware | schneider-electric | hmibmuci29d2w01 | - | No |
| Operating System | schneider-electric | hmibmu0i29d2001_firmware | * | Yes |
| Hardware | schneider-electric | hmibmu0i29d2001 | - | No |
| Operating System | schneider-electric | hmibmu0i29d200a_firmware | * | Yes |
| Hardware | schneider-electric | hmibmu0i29d200a | - | No |
| Operating System | schneider-electric | hmibmuhi29d4801_firmware | * | Yes |
| Hardware | schneider-electric | hmibmuhi29d4801 | - | No |
| Operating System | schneider-electric | hmibmusi29d4801_firmware | * | Yes |
| Hardware | schneider-electric | hmibmusi29d4801 | - | No |
| Operating System | schneider-electric | hmibmuci29d4w01_firmware | * | Yes |
| Hardware | schneider-electric | hmibmuci29d4w01 | - | No |
| Operating System | schneider-electric | hmibmu0i29d4001_firmware | * | Yes |
| Hardware | schneider-electric | hmibmu0i29d4001 | - | No |
| Operating System | schneider-electric | hmibmu0i29d400a_firmware | * | Yes |
| Hardware | schneider-electric | hmibmu0i29d400a | - | No |
| Operating System | schneider-electric | hmibmu0i29di00a_firmware | * | Yes |
| Hardware | schneider-electric | hmibmu0i29di00a | - | No |
| Operating System | schneider-electric | hmibmu0i29de00a_firmware | * | Yes |
| Hardware | schneider-electric | hmibmu0i29de00a | - | No |
| Operating System | schneider-electric | hmibmphi74d2801_firmware | * | Yes |
| Hardware | schneider-electric | hmibmphi74d2801 | - | No |
| Operating System | schneider-electric | hmibmpsi74d2801_firmware | * | Yes |
| Hardware | schneider-electric | hmibmpsi74d2801 | - | No |
| Operating System | schneider-electric | hmibmp0i74d2001_firmware | * | Yes |
| Hardware | schneider-electric | hmibmp0i74d2001 | - | No |
| Operating System | schneider-electric | hmibmp0i74d200a_firmware | * | Yes |
| Hardware | schneider-electric | hmibmp0i74d200a | - | No |
| Operating System | schneider-electric | hmibmphi74d4801_firmware | * | Yes |
| Hardware | schneider-electric | hmibmphi74d4801 | - | No |
| Operating System | schneider-electric | hmibmpsi74d4801_firmware | * | Yes |
| Hardware | schneider-electric | hmibmpsi74d4801 | - | No |
| Operating System | schneider-electric | hmibmp0i74d4001_firmware | * | Yes |
| Hardware | schneider-electric | hmibmp0i74d4001 | - | No |
| Operating System | schneider-electric | hmibmp0i74d400a_firmware | * | Yes |
| Hardware | schneider-electric | hmibmp0i74d400a | - | No |
| Operating System | schneider-electric | hmibmp0i74di00a_firmware | * | Yes |
| Hardware | schneider-electric | hmibmp0i74di00a | - | No |
| Operating System | schneider-electric | hmibmp0i74de00a_firmware | * | Yes |
| Hardware | schneider-electric | hmibmp0i74de00a | - | No |
| Operating System | schneider-electric | hmibscea53d1l01_firmware | * | Yes |
| Hardware | schneider-electric | hmibscea53d1l01 | - | No |
| Operating System | schneider-electric | hmibmoma5ddf10l_firmware | * | Yes |
| Hardware | schneider-electric | hmibmoma5ddf10l | - | No |
| Operating System | schneider-electric | hmibmoma5dd1e01_firmware | * | Yes |
| Hardware | schneider-electric | hmibmoma5dd1e01 | - | No |
| Operating System | schneider-electric | hmibmoma5dd1101_firmware | * | Yes |
| Hardware | schneider-electric | hmibmoma5dd1101 | - | No |
| Operating System | schneider-electric | hmibmo0a5ddf10a_firmware | * | Yes |
| Hardware | schneider-electric | hmibmo0a5ddf10a | - | No |
| Operating System | schneider-electric | hmibmo0a5ddf101_firmware | * | Yes |
| Hardware | schneider-electric | hmibmo0a5ddf101 | - | No |
| Operating System | schneider-electric | hmibmo0a5dd1001_firmware | * | Yes |
| Hardware | schneider-electric | hmibmo0a5dd1001 | - | No |
| Operating System | schneider-electric | hmibmiea5dd1e01_firmware | * | Yes |
| Hardware | schneider-electric | hmibmiea5dd1e01 | - | No |
| Operating System | schneider-electric | hmibmiea5dd110l_firmware | * | Yes |
| Hardware | schneider-electric | hmibmiea5dd110l | - | No |
| Operating System | schneider-electric | hmibmiea5dd1101_firmware | * | Yes |
| Hardware | schneider-electric | hmibmiea5dd1101 | - | No |
| Operating System | schneider-electric | hmibmiea5dd100a_firmware | * | Yes |
| Hardware | schneider-electric | hmibmiea5dd100a | - | No |
| Operating System | schneider-electric | hmibmiea5dd1001_firmware | * | Yes |
| Hardware | schneider-electric | hmibmiea5dd1001 | - | No |
| Operating System | schneider-electric | hmibscea53d1l0t_firmware | * | Yes |
| Hardware | schneider-electric | hmibscea53d1l0t | - | No |
| Operating System | schneider-electric | hmibscea53d1l0a_firmware | * | Yes |
| Hardware | schneider-electric | hmibscea53d1l0a | - | No |
| Application | schneider-electric | vijeo_designer | < 1.2.1 | Yes |
| Application | schneider-electric | vijeo_designer | < 6.2 | Yes |
| Application | schneider-electric | vijeo_designer | 6.2 | Yes |
| Application | schneider-electric | vijeo_designer | 6.2 | Yes |
| Application | schneider-electric | vijeo_designer | 6.2 | Yes |
| Application | schneider-electric | vijeo_designer | 6.2 | Yes |
| Application | schneider-electric | vijeo_designer | 6.2 | Yes |
| Application | schneider-electric | vijeo_designer | 6.2 | Yes |
| Application | schneider-electric | vijeo_designer | 6.2 | Yes |
| Application | schneider-electric | vijeo_designer | 6.2 | Yes |
| Application | schneider-electric | vijeo_designer | 6.2 | Yes |
| Application | schneider-electric | vijeo_designer | 6.2 | Yes |
| Application | schneider-electric | vijeo_designer | 6.2 | Yes |

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For schneider-electric's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.