Path traversal

2022-07-2116:15:00

PRIOn knowledge base

www.prio-n.com

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.1%

JSON

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in flow computer and remote controller products of ABB ( RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) allows an attacker who successfully exploited this vulnerability could insert and run arbitrary code in an affected system node.

CPENameOperatorVersion
rmc-100-lite_firmwareeq< 2106229-11
rmc-100_firmwareeq< 2105457-37
udc_firmwareeq< 2106177-7
uflog5_firmwareeq< 2105298-24
xfcg5_firmwareeq< 2105805-16
xio_firmwareeq< 2106198-8
xrcg5_firmwareeq< 2105864-16

Name	Operator	Version
rmc-100-lite_firmware	eq	< 2106229-11
rmc-100_firmware	eq	< 2105457-37
udc_firmware	eq	< 2106177-7
uflog5_firmware	eq	< 2105298-24
xfcg5_firmware	eq	< 2105805-16
xio_firmware	eq	< 2106198-8
xrcg5_firmware	eq	< 2105864-16