CVE-2022-41667
published 2022-11-04CVE-2022-41667: A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | ecostruxure_operator_terminal_expert | < 3.3 | 3.3 |
| schneider-electric | ecostruxure_operator_terminal_expert | — | — |
| schneider-electric | pro-face_blue | < 3.3 | 3.3 |
| schneider-electric | pro-face_blue | — | — |
| schneider_electric | ecostruxure_operator_terminal_expert | V3.3 – Hotfix 1 | — |
| schneider_electric | pro-face_blue | V3.3 – Hotfix 1 | — |