Schneider-Electric: >> Ecostruxure Operator Terminal Expert Security Vulnerabilities
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file.
CVSS Score
5.5
EPSS Score
0.002
Published
2020-06-16
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause arbitrary application execution when the computer starts.
CVSS Score
9.8
EPSS Score
0.015
Published
2020-06-16
Page 2