A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).
References
Link | Resource |
---|---|
https://www.se.com/ww/en/download/document/SEVD-2022-284-01/ | Patch Vendor Advisory |
https://www.se.com/ww/en/download/document/SEVD-2022-284-01/ | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:23
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.0 |
References | () https://www.se.com/ww/en/download/document/SEVD-2022-284-01/ - Patch, Vendor Advisory |
Information
Published : 2022-11-04 14:15
Updated : 2024-11-21 07:23
NVD link : CVE-2022-41670
Mitre link : CVE-2022-41670
CVE.ORG link : CVE-2022-41670
JSON object : View
Products Affected
schneider-electric
- pro-face_blue
- ecostruxure_operator_terminal_expert
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')