N/A

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file.

N/A

对路径名的限制不恰当(路径遍历)

Schneider Electric EcoStruxure Operator Terminal Expert 路径遍历漏洞

Schneider Electric EcoStruxure Operator Terminal Expert是法国施耐德电气（Schneider Electric）公司的一款触控屏配置软件。该软件支主要用于创建和编辑触控应用程序。 Schneider Electric EcoStruxure Operator Terminal Expert 3.1 SP1及之前版本中ZIP文件的处理过程存在路径遍历漏洞，该漏洞源于程序没有正确验证用户提交的路径。攻击者可利用该漏洞在被限制的文件之外进行未授权的写入操作。

N/A

N/A