Lucene search
China National Vulnerability DatabaseCNVD-2021-89425HistoryNov 13, 2021 - 12:00 a.m.
Siemens SIMATIC PCS 7 and SIMATIC WinCC Path Traversal Vulnerability
2021-11-1300:00:00
China National Vulnerability Database
www.cnvd.org.cn
17
siemens
pcs 7
wincc
path traversal
vulnerability
scada
process control system
data acquisition
monitoring
attack
server
directory
critical files
EPSS
0.001
Percentile
39.7%
Siemens SIMATIC PCS 7 and SIMATIC WinCC are both products of Siemens, a German company. SIMATIC PCS 7 is a process control system and SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. A path traversal vulnerability exists in SIMATIC PCS 7 and SIMATIC WinCC, which stems from a failure to properly neutralize special elements in path names when downloading files. An attacker could then exploit the vulnerability to cause the pathname to resolve to a location on the server outside of the restricted directory and read unexpected critical files.
Related
nvd
nvd
CVE-2021-40359
2021-11-09 12:15:09
cvelist
cvelist
CVE-2021-40359
2021-11-09 11:32:05
cve
cve
CVE-2021-40359
2021-11-09 12:15:09
prion
prion
Authentication flaw
2021-11-09 12:15:00
ics
ics
Siemens SIMATIC WinCC (Update E)
2022-07-14 12:00:00