Path Traversal Vulnerability in EcoStruxure Operator Terminal Expert by Schneider Electric
CVE-2020-7494

7.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure Operator Terminal Expert 3.1 Service Pack 1 And Prior (formerly Known As Vijeo Xd)
Vendor: CVE Published:; 16 June 2020

Summary

A vulnerability exists within EcoStruxure Operator Terminal Expert that allows for improper restriction of file paths. This weakness could enable an attacker to craft a malicious project file that, when opened, executes arbitrary code, potentially compromising system integrity and allowing unauthorized access to sensitive areas of the filesystem.

Affected Version(s)

EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)

References

https://www.se.com/ww/en/download/document/SEVD-2020-133-04

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 16, 2020
Vulnerability Reserved
Jan 21, 2020