A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring a project.
References
Link | Resource |
---|---|
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01 | Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-450/ | Third Party Advisory VDB Entry |
https://www.tenable.com/security/research/tra-2021-50 | Exploit Third Party Advisory |
Configurations
Information
Published : 2021-04-13 12:15
Updated : 2021-11-30 14:01
NVD link : CVE-2021-22720
Mitre link : CVE-2021-22720
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
schneider-electric
- c-bus_toolkit