Path Traversal Vulnerability in EcoStruxure Operator Terminal Expert by Schneider Electric
CVE-2020-7495

5.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure Operator Terminal Expert 3.1 Service Pack 1 And Prior (formerly Known As Vijeo Xd)
Vendor: CVE Published:; 16 June 2020

Summary

A path traversal vulnerability exists in EcoStruxure Operator Terminal Expert, previously known as Vijeo XD, that allows an attacker to manipulate zip file extraction processes. This vulnerability could permit unauthorized write access outside designated project folders, potentially compromising sensitive data and the integrity of the application. Users are recommended to apply available patches to mitigate these risks.

Affected Version(s)

EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)

References

https://www.se.com/ww/en/download/document/SEVD-2020-133-04

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 16, 2020
Vulnerability Reserved
Jan 21, 2020