CVE-2020-7529

IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('Path Transversal') CWE-22
A vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file.

Risk Information

  • CVE ID
  • CVE-2020-7529
  • Vendor
  • Schneider Electric
  • Product
  • SCADAPack
  • CVSS v3
  • 5.5