N/A

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled.

N/A

对路径名的限制不恰当(路径遍历)

Schneider Electric Interactive Graphical SCADA System 路径遍历漏洞

Schneider Electric Interactive Graphical SCADA System（IGSS）是法国施耐德电气（Schneider Electric）公司的一套用于监控和控制工业过程的SCADA（数据采集与监控系统）系统。 Schneider Electric IGSS 14及之前版本（使用IGSSupdate服务）中存在路径遍历漏洞。远程攻击者可利用该漏洞读取来自IGSS server PC的任意文件。

N/A

N/A