Back to search
CVE-2020-7478
Published: Mar 23, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled.
| Vendor | Product | Versions |
|---|---|---|
n/a | IGSS (Interactive Graphical SCADA System) (IGSS Version prior to 14.0.0.20009) | affected IGSS (Interactive Graphical SCADA System) (Versions 14 and prior using the service: IGSSupdate) |
Weaknesses (CWE)
References
https://www.se.com/ww/en/download/document/SEVD-2020-070-01/
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-371/
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now