AVEVA System Platform Path Traversal

AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

对路径名的限制不恰当(路径遍历)

AVEVA System Platform 路径遍历漏洞

AVEVA System Platform是英国AVEVA公司的一个应用软件。用于监管、企业 SCADA、MES 和 IIoT 应用程序的响应迅速、标准驱动且可扩展的基础。 AVEVA System Platform 存在路径遍历漏洞，该漏洞源于该软件没有正确中和路径名中的特殊元素，这些元素可能导致路径名解析为受限目录之外的目录。

N/A

N/A