Schneider-Electric: >> C-Bus Toolkit >> 1.15.8 Security Vulnerabilities
A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote
code execution when the transfer command is used over the network.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-10-04
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)
CVSS Score
8.8
EPSS Score
0.035
Published
2022-02-11
A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system.
CVSS Score
5.7
EPSS Score
0.014
Published
2021-07-21