A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file.
References
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2020-06-16T19:11:55

Updated: 2020-06-16T19:11:55

Reserved: 2020-01-21T00:00:00


Link: CVE-2020-7495

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2020-06-16T20:15:14.457

Modified: 2020-06-19T17:52:28.320


Link: CVE-2020-7495

JSON object: View

cve-icon Redhat Information

No data.

CWE