CVE-2022-41670 HIGH

Vendor: Schneider Electric
Product: EcoStruxure Operator Terminal Expert
Weakness: CWE-22 · Path traversal
Published: November 4, 2022
Last update: April 30, 2025

CVSS base score

7.0/10
Attack vector: Local
Attack complexity: High
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL, which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior), Pro-face BLUE (V3.3 Hotfix1 or prior).

Key dates

02 Disclosure timeline

November 4, 2022: CVE published
April 30, 2025: Record updated