Vulnerabilities > CVE-2020-7529 - Unspecified vulnerability in Schneider-Electric Scadapack 7X Remote Connect 3.6.3.574

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
local
low complexity
schneider-electric

Summary

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file.

Vulnerable Configurations

Part Description Count
Application
Schneider-Electric
1