CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
51.0%
External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.
Vendor | Product | Version | CPE |
---|---|---|---|
tel-ster | telwin_scada_webinterface | * | cpe:2.3:a:tel-ster:telwin_scada_webinterface:*:*:*:*:*:*:*:* |
tel-ster | telwin_scada_webinterface | 8.0 | cpe:2.3:a:tel-ster:telwin_scada_webinterface:8.0:*:*:*:*:*:*:* |
tel-ster | telwin_scada_webinterface | 9.0 | cpe:2.3:a:tel-ster:telwin_scada_webinterface:9.0:*:*:*:*:*:*:* |