3 matches found
CVE-2021-22797
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the...
CVE-2021-22797
CVE-2021-22797 is a CWE-22 path traversal vulnerability in Schneider Electric EcoStruxure Control Expert (incl. Unity Pro), EcoStruxure Process Expert, and SCADAPack RemoteConnect for x70. The root cause is improper validation of a user-supplied path when loading a malicious project file, which c...
Schneider Electric EcoStruxure and SCADAPack
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect for x70 Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could...