Description
A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allows unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip.
Vulnerable configurations
Configuration 1
Version from 4.0 (inclusive) to 4.0.32.15 (inclusive)
Version from 4.1 (inclusive) to 4.1.17.113 (inclusive)
Version from 4.2 (inclusive) to 4.2.14.119 (inclusive)
One of
cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*
cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*
cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*
EPSS: 0.00699 (Low)
Percentile: 71%
CVSS3: 5.5 Medium
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-22
Related vulnerabilities
github
more than 3 years ago
A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allows unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip.