Unrestricted File Upload and Remote Code Execution in EcoStruxure Building Operation WebReports V1.9 - V3.1

Unrestricted File Upload and Remote Code Execution in EcoStruxure Building Operation WebReports V1.9 - V3.1

CVE-2020-7569 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code execution.

Learn more about our Web App Pen Testing.