Directory Traversal Vulnerability in mySCADA myDESIGNER 8.20.0 and Below Allows Arbitrary File Write and Code Execution

Directory Traversal Vulnerability in mySCADA myDESIGNER 8.20.0 and Below Allows Arbitrary File Write and Code Execution

CVE-2021-41578 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability to write arbitrary files to OS locations where the user has permission. This would typically lead to code execution.

Learn more about our User Device Pen Test.