Path Traversal Vulnerability in EcoStruxure Operator Terminal Expert and Pro-face BLUE by Schneider Electric
CVE-2022-41667
7HIGH
What is CVE-2022-41667?
A vulnerability exists that allows adversaries with local user privileges to exploit improper pathname limitations, enabling the loading of malicious DLL files. This can lead to unauthorized execution of harmful code within affected versions of EcoStruxure Operator Terminal Expert and Pro-face BLUE, compromising the integrity and security of the systems involved. Users should ensure their software is updated to mitigate this risk.
Affected Version(s)
EcoStruxure Operator Terminal Expert V3.3
Pro-face BLUE V3.3