Vulnerability Details CVE-2020-11420
UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that reference files and by doing this achieve access to files and directories outside the web root folder. An attacker may access arbitrary files and directories stored in the file system, but integrity of the files are not jeopardized as attacker have read access rights only.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.8%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- https://library.e.abb.com/public/ee46f3ff5823400f991ebd9bd43a297e/2CMT2020-005913%20Security%20Advisory%20CS141.pdf
- https://www.generex.de/index.php?option=com_content&task=view&id=185&Itemid=249
- https://www.generex.de/support/changelogs/cs141/page:2
- https://library.e.abb.com/public/ee46f3ff5823400f991ebd9bd43a297e/2CMT2020-005913%20Security%20Advisory%20CS141.pdf
- https://www.generex.de/index.php?option=com_content&task=view&id=185&Itemid=249
- https://www.generex.de/support/changelogs/cs141/page:2
Products affected by CVE-2020-11420
-
cpe:2.3:h:abb:cs141:-
-
cpe:2.3:h:generex:cs141:-
-
cpe:2.3:o:abb:cs141_firmware:1.66
-
cpe:2.3:o:abb:cs141_firmware:1.88
-
cpe:2.3:o:generex:cs141_firmware:-