Skip to main content

Relative Path Traversal

CVE-2021-43555

Severity High
Score 7.3/10

Summary

mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution.

  • LOW
  • LOCAL
  • HIGH
  • UNCHANGED
  • REQUIRED
  • NONE
  • LOW
  • HIGH

CWE-23 - Relative Path Traversal

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

References

Advisory Timeline

  • Published