Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files. The affected file download function is disabled by default.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Siemens SIMATIC PCS 7 路径遍历漏洞
Vulnerability Description
Siemens SIMATIC是西门子(Siemens)的一款组态软件。 Siemens SIMATIC PCS 7 存在路径遍历漏洞,该漏洞源于下载文件时,受影响的系统无法正确消除路径名中的特殊元素。 然后,攻击者可能会导致路径名解析到服务器上受限目录之外的位置,并读取意外的关键文件。 受影响的文件下载功能默认关闭。
CVSS Information
N/A
Vulnerability Type
N/A