Path Traversal: '/absolute/pathname/here'

CVE-2022-25347

High

9.8/10

Summary

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-37 - Path Traversal: '/absolute/pathname/here'

A software system that accepts input in the form of a slash absolute path ('/absolute/pathname/here') without appropriate validation can allow an attacker to traverse the file system to unintended locations or access arbitrary files.

References

Advisory Timeline

Published Mar 29, 2022

Path Traversal: '/absolute/pathname/here'

CVE-2022-25347

Summary

CWE-37 - Path Traversal: '/absolute/pathname/here'

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS