CVE-2020-7478
N/A
N/A
Summary
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | IGSS (Interactive Graphical SCADA System) (IGSS Version prior to 14.0.0.20009) | IGSS (Interactive Graphical SCADA System) (Versions 14 and prior using the service: IGSSupdate) | affected |
Weaknesses
- CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory
ADP Enrichment
CVE Program Container
Additional References
- https://www.se.com/ww/en/download/document/SEVD-2020-070-01/
- https://www.zerodayinitiative.com/advisories/ZDI-20-371/
References
- https://www.se.com/ww/en/download/document/SEVD-2020-070-01/
- https://www.zerodayinitiative.com/advisories/ZDI-20-371/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.