CVE-2020-7495

CVE-2020-7495

Vendor N/A
Product EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)
Weakness CWE-22 · Path traversal
Published June 16, 2020
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file.

Key dates

02Disclosure timeline

June 16, 2020 CVE published
August 4, 2024 Record updated