CVE-2021-22817

Q: What is the severity of CVE-2021-22817?

CVE-2021-22817 has a CVSS score of 7.8 (HIGH). This vulnerability allows local attackers to escalate privileges by exploiting incorrect default permissions on the base installation directory. It affects Schneider Electric's Harmony/Magelis iPC Series and Vijeo Designer software. Attackers could gain unauthorized access to sensitive system resources.

7.8 HIGH

📋 TL;DR

This vulnerability allows local attackers to escalate privileges by exploiting incorrect default permissions on the base installation directory. It affects Schneider Electric's Harmony/Magelis iPC Series and Vijeo Designer software. Attackers could gain unauthorized access to sensitive system resources.

💻 Affected Systems

Products:

Harmony/Magelis iPC Series
Vijeo Designer
Vijeo Designer Basic

Versions: All versions for iPC Series; All versions prior to V6.2 SP11 Multiple HotFix 4 for Vijeo Designer; All versions prior to V1.2.1 for Vijeo Designer Basic

Operating Systems: Windows (typically used for industrial control systems)

Default Config Vulnerable: ⚠️ Yes

Notes: Affects default installations of these industrial control system software packages.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to SYSTEM/root level, allowing complete system compromise, installation of malware, data theft, and persistence mechanisms.

🟠

Likely Case

Local user gains elevated privileges to modify application files, access sensitive configuration data, or disrupt industrial control operations.

🟢

If Mitigated

Limited impact with proper access controls, but still presents risk if initial access is obtained.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring initial access to the system.

🏢 Internal Only: HIGH - Industrial control systems often have privileged users who could exploit this vulnerability from within the network.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Requires local access to the system but exploitation is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Vijeo Designer V6.2 SP11 Multiple HotFix 4 or later; Vijeo Designer Basic V1.2.1 or later; Check vendor advisory for iPC Series updates

Vendor Advisory: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-06

Restart Required: Yes

Instructions:

1. Download the appropriate patch from Schneider Electric's security advisory. 2. Apply the patch following vendor instructions. 3. Restart affected systems. 4. Verify permissions on installation directories are corrected.

🔧 Temporary Workarounds

Restrict installation directory permissions

windows

Manually adjust permissions on the base installation directory to restrict write access to authorized users only.

icacls "C:\Program Files\Schneider Electric\Vijeo Designer" /inheritance:r /grant:r "Administrators:(OI)(CI)F" /grant:r "SYSTEM:(OI)(CI)F" /grant:r "Users:(OI)(CI)RX"

🧯 If You Can't Patch

Implement strict access controls to limit who can log into affected systems
Monitor installation directories for unauthorized file modifications

🔍 How to Verify

Check if Vulnerable:

Check if affected software versions are installed and verify installation directory permissions allow unauthorized write access.

Check Version:

Check application About dialog or installed programs list for version information

Verify Fix Applied:

Verify software version is updated to patched version and installation directory permissions are properly restricted.

📡 Detection & Monitoring

Log Indicators:

Unauthorized file modifications in installation directories
Privilege escalation attempts in Windows security logs

Network Indicators:

Unusual network connections from industrial control systems

SIEM Query:

EventID=4688 AND (ProcessName LIKE '%Vijeo%' OR ProcessName LIKE '%Harmony%') AND NewProcessName LIKE '%cmd%' OR NewProcessName LIKE '%powershell%'

📊 Metadata

CVE ID: CVE-2021-22817

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-276

Published: February 9, 2022

Last Updated: November 21, 2024

🔗 References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-06 Vendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-06 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Hmibmiea5dd1001 Firmware by Schneider Electric

Hmibmiea5dd100a Firmware by Schneider Electric

Hmibmiea5dd1101 Firmware by Schneider Electric

Hmibmiea5dd110l Firmware by Schneider Electric

Hmibmiea5dd1e01 Firmware by Schneider Electric

Hmibmo0a5dd1001 Firmware by Schneider Electric

Hmibmo0a5ddf101 Firmware by Schneider Electric

Hmibmo0a5ddf10a Firmware by Schneider Electric

Hmibmoma5dd1101 Firmware by Schneider Electric

Hmibmoma5dd1e01 Firmware by Schneider Electric

Hmibmoma5ddf10l Firmware by Schneider Electric

Hmibmp0i74d2001 Firmware by Schneider Electric

Hmibmp0i74d200a Firmware by Schneider Electric

Hmibmp0i74d4001 Firmware by Schneider Electric

Hmibmp0i74d400a Firmware by Schneider Electric

Hmibmp0i74de00a Firmware by Schneider Electric

Hmibmp0i74di00a Firmware by Schneider Electric

Hmibmphi74d2801 Firmware by Schneider Electric

Hmibmphi74d4801 Firmware by Schneider Electric

Hmibmpsi74d2801 Firmware by Schneider Electric

Hmibmpsi74d4801 Firmware by Schneider Electric

Hmibmu0i29d2001 Firmware by Schneider Electric

Hmibmu0i29d200a Firmware by Schneider Electric

Hmibmu0i29d4001 Firmware by Schneider Electric

Hmibmu0i29d400a Firmware by Schneider Electric

Hmibmu0i29de00a Firmware by Schneider Electric

Hmibmu0i29di00a Firmware by Schneider Electric

Hmibmuci29d2w01 Firmware by Schneider Electric

Hmibmuci29d4w01 Firmware by Schneider Electric

Hmibmuhi29d2801 Firmware by Schneider Electric

Hmibmuhi29d4801 Firmware by Schneider Electric

Hmibmusi29d2801 Firmware by Schneider Electric

Hmibmusi29d4801 Firmware by Schneider Electric

Hmibscea53d1l01 Firmware by Schneider Electric

Hmibscea53d1l0a Firmware by Schneider Electric

Hmibscea53d1l0t Firmware by Schneider Electric

Vijeo Designer by Schneider Electric

Vijeo Designer by Schneider Electric

Vijeo Designer by Schneider Electric

Vijeo Designer by Schneider Electric

Vijeo Designer by Schneider Electric

Vijeo Designer by Schneider Electric

Vijeo Designer by Schneider Electric

Vijeo Designer by Schneider Electric

Vijeo Designer by Schneider Electric

Vijeo Designer by Schneider Electric

Vijeo Designer by Schneider Electric

Vijeo Designer by Schneider Electric

Vijeo Designer by Schneider Electric

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict installation directory permissions

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities