CVE-2017-9970

Sažetak

A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. Uploading a zip which contains carefully crafted metadata allows for the file to be uploaded to any directory on the host machine information which could lead to remote code execution.

Reference

http://www.securityfocus.com/bid/103052
https://ics-cert.us-cert.gov/advisories/ICSA-18-046-04
https://www.schneider-electric.com/en/download/document/SEVD-2018-039-01/

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

09-03-2018 - 16:37

Objavljeno

12-02-2018 - 23:29