Описание
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.6.3.574 (включая)
cpe:2.3:a:schneider-electric:scadapack_7x_remote_connect:*:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00221
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file.
EPSS
Процентиль: 44%
0.00221
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-22