CVE-2020-7529 — Path Traversal in Scadapack 7X Remote Connect

CWE-22 — Path Traversal3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 55.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Scadapack 7X Remote Connect

Timeline

PublishedSep 16

Latest updateMay 24

Description

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDschneider-electric/scadapack_7x_remote_connect3.6.3.574

🔴Vulnerability Details

GHSA

GHSA-ff95-chf7-569x: A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3↗2022-05-24

▶

CVEList

CVE-2020-7529: A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3↗2020-09-16

▶