7.8
CVE-2022-41670
- EPSS 0.06%
- Published 04.11.2022 14:15:10
- Last modified 21.11.2024 07:23:36
- Source cybersecurity@se.com
- Teams watchlist Login
- Open Login
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).Data is provided by the National Vulnerability Database (NVD)
Schneider-electric ≫ Ecostruxure Operator Terminal Expert Version < 3.3
Schneider-electric ≫ Ecostruxure Operator Terminal Expert Version3.3 Update-
Schneider-electric ≫ Ecostruxure Operator Terminal Expert Version3.3 Updatehotfix1
Schneider-electric ≫ Pro-face Blue Version < 3.3
Schneider-electric ≫ Pro-face Blue Version3.3 Update-
Schneider-electric ≫ Pro-face Blue Version3.3 Updatehotfix1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.193 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cybersecurity@se.com | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.