Vulnerabilities > CVE-2021-42022 - Unspecified vulnerability in Siemens Simatic Easie PCS 7 Skill 20.07/21.00
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files. The affected file download function is disabled by default.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 6 |