A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.se.com/ww/en/download/document/SEVD-2020-133-04 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: schneider
Published: 2020-06-16T19:11:55
Updated: 2024-08-04T09:33:19.527Z
Reserved: 2020-01-21T00:00:00
Link: CVE-2020-7495
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-06-16T20:15:14.457
Modified: 2020-06-19T17:52:28.320
Link: CVE-2020-7495
Redhat
No data.