2 matches found
CVE-2020-7495
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XD which could cause unauthorized write access outside of expected pa...
CVE-2020-7495
Schneider Electric EcoStruxure Operator Terminal Expert (OTE) — CVE-2020-7495: A path traversal in ZIP file extraction affects OTE 3.1 Service Pack 1 and earlier (formerly Vijeo XD). The flaw allows writing outside the intended folder when opening a project file, enabling unauthorized writes. Evi...