Path Traversal Attack Risk: Write Outside Intended Directory and Access Sensitive Information
CVE-2024-25567
8.1 HIGH
Summary
A path traversal vulnerability exists in XYZ product by ABC Vendor, enabling attackers to manipulate file paths to write data outside the designated directory. This flaw allows unauthorized access to sensitive information and poses risks as existing files on the system can be overwritten if attackers specify a filename that matches one already on the server. Organizations using affected versions of XYZ product should prioritize patching to safeguard against potential data breaches.
Affected Version(s)
DIAEnergie 0
References
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Michael Heinzl reported these vulnerabilities to CISA.