mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability to write arbitrary files to OS locations where the user has permission. This would typically lead to code execution.
References
Link | Resource |
---|---|
https://github.com/jacob-baines/vuln_disclosure/blob/main/vuln_2021_05.txt | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-10-04T17:38:23
Updated: 2021-10-04T17:38:23
Reserved: 2021-09-24T00:00:00
Link: CVE-2021-41578
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-10-04T18:15:09.677
Modified: 2021-10-12T21:41:22.980
Link: CVE-2021-41578
JSON object: View
Redhat Information
No data.
CWE