mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-07 05:28:59 +00:00
125 lines
4.0 KiB
JSON
125 lines
4.0 KiB
JSON
{
|
|
"id": "CVE-2020-7495",
|
|
"sourceIdentifier": "cybersecurity@se.com",
|
|
"published": "2020-06-16T20:15:14.457",
|
|
"lastModified": "2020-06-19T17:52:28.320",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una CWE-22: Se presenta una vulnerabilidad de Limitaci\u00f3n Inapropiada de un Nombre de Ruta en un Directorio Restringido (\"Path Traversal\") durante la extracci\u00f3n de un archivo zip se presenta en EcoStruxure Operator Terminal Expert versiones 3.1 Service Pack 1 y anteriores (anteriormente conocido como Vijeo XD) que podr\u00eda causar un acceso de escritura no autorizado fuera de la carpeta de ruta esperada cuando se abre el archivo del proyecto"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.3
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-22"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "cybersecurity@se.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-22"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_operator_terminal_expert:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "3.0",
|
|
"matchCriteriaId": "9E274928-428F-4CD4-9EF6-7C499B4FBCBA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_operator_terminal_expert:3.1:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C5B39FB1-D76F-47E9-AA10-E32282202F04"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_operator_terminal_expert:3.1:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DC9E5C58-B3D1-4871-A63D-0E48E747C610"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-04",
|
|
"source": "cybersecurity@se.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |