Path Traversal Vulnerability Affects Windows File Explorer
CVE-2024-28171

8.1HIGH

Key Information:

Vendor
Delta Electronics
Status
Diaenergie
Vendor
CVE Published:
21 March 2024

Summary

An identified vulnerability enables attackers to exploit path traversal flaws in specific products by Vendor, allowing them to manipulate file paths and write files outside the intended target directory. If a malicious user specifies an existing file name, the attack leads to the overwriting of critical files, which may compromise the integrity and security of the system's data, highlighting a need for prompt remediation.

Affected Version(s)

DIAEnergie 0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-0...

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michael Heinzl reported these vulnerabilities to CISA.
.
CVE-2024-28171 : Path Traversal Vulnerability Affects Windows File Explorer | SecurityVulnerability.io