CVE-2020-7478

CVE-2020-7478

Vendor N/A
Product IGSS (Interactive Graphical SCADA System) (IGSS Version prior to 14.0.0.20009)
Weakness CWE-22 · Path traversal
Published March 23, 2020
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled.

Key dates

02Disclosure timeline

March 23, 2020 CVE published
August 4, 2024 Record updated