CVE-2021-22705

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert

Related CPE's

aschneider-electricvijeo_designer********

hschneider-electricharmony_stu-*******

hschneider-electricharmony_gto-*******

hschneider-electricharmony_gk-*******

hschneider-electricharmony_gtu-*******

hschneider-electricharmony_gtux-*******

hschneider-electricharmony_sto-*******

aschneider-electricecostruxure_machine_expert********

hschneider-electricharmony_hmiscu-*******

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-02

PatchVendor Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

LOW

BaseScore

7.8

VectorString

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

PARTIAL

IntegrityImpact

PARTIAL

BaseScore

4.599999904632568

VectorString

AV:L/AC:L/Au:N/C:P/I:P/A:P

Version

2.0

AccessVector

LOCAL

Authentication

NONE

Created by Yello
About Severity.io