4 matches found
CVE-2020-7478
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS Versions 14 and prior using the service: IGSSupdate, which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update...
Schneider Electric IGSS SCADA Software
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: IGSS Interactive Graphical SCADA System Vulnerabilities: Path Traversal, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of...
CVE-2020-7478
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS Versions 14 and prior using the service: IGSSupdate, which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update...
CVE-2020-7478
CVE-2020-7478 is a directory traversal vulnerability in Schneider Electric IGSS IGSSupdateservice (versions 14 and prior, using the IGSSupdate service). The flaw allows a remote unauthenticated attacker to read arbitrary files on the IGSS server over the network when the update service is enabled...