Improper Pathname Limitation in Schneider Electric Interactive Graphical SCADA System
CVE-2022-24311
9.8CRITICAL
Key Information:
- Vendor
Schneider Electric
- Vendor
- CVE Published:
- 9 February 2022
What is CVE-2022-24311?
A vulnerability exists in the Interactive Graphical SCADA System Data Server due to improper limitation of a pathname to a restricted directory. This issue allows an attacker to potentially modify existing files by inserting data at the beginning or creating new files through specially crafted messages. If exploited, this flaw could lead to remote code execution, posing significant risks to the integrity and security of the system.
Affected Version(s)
Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)