CVE-2017-9970 in StruxureOn Gatewayinfo

Zusammenfassung

von MITRE

A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. Uploading a zip which contains carefully crafted metadata allows for the file to be uploaded to any directory on the host machine information which could lead to remote code execution.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

26.06.2017

Veröffentlichung

12.02.2018

Moderieren

akzeptiert

Eintrag

VDB-113185

CPE

bereit

CWE

CWE-434 (bestätigt)

CVSS

7.2 (NVD)

EPSS

0.02790

KEV

nein

Aktivitäten

very low

Sektor

Telecommunication, Energy, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-9970
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-9970
CVE Details	https://www.cvedetails.com/cve/CVE-2017-9970/

◂ Zurück Übersicht Weiter ▸

Interested in the pricing of exploits?

See the underground prices here!