Description
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality by sending a crafted HTTP request.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: High
- Availability: High
Affected products
- Schneider Electric / Sage 1410 – Versions C3414-500-S02K5_P8 and prior
- Schneider Electric / Sage 1430 – Versions C3414-500-S02K5_P8 and prior
- Schneider Electric / Sage 1450 – Versions C3414-500-S02K5_P8 and prior
- Schneider Electric / Sage 2400 – Versions C3414-500-S02K5_P8 and prior
- Schneider Electric / Sage 3030 Magnum – Versions C3414-500-S02K5_P8 and prior
- Schneider Electric / Sage 4400 – Versions C3414-500-S02K5_P8 and prior