Path Traversal Vulnerability in EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnect

Path Traversal Vulnerability in EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnect

CVE-2021-22797 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)

Learn more about our Web Application Penetration Testing UK.