Siemens SIMATIC PCS 7 and SIMATIC WinCC Path Traversal Vulnerability (CNVD-2021-89422)

Siemens SIMATIC PCS 7 and SIMATIC WinCC are both products of Siemens, a German company. SIMATIC PCS 7 is a process control system and SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. A path traversal vulnerability exists in SIMATIC PCS 7 and SIMATIC WinCC. The vulnerability stems from the fact that legitimate file operations on the affected systems do not properly neutralize special elements in path names. An attacker could exploit the vulnerability to cause the pathname to resolve to a location outside of the restricted directory on the server and read, write, or delete unexpected critical files.