| Title | XINJE XDPPro directory traversal vulnerability |
|---|---|
| Description | XDPPro is a programming tool for Xinjie PLC that supports ladder diagram programming and instruction list programming.<br>XDPPro has an arbitrary file overwrite vulnerability, which allows an attacker to gain complete control of the target operating system.<br>The call chain to open the project file is:<br>`ICSharpCode.SharpZipLib.dll -> ICSharpCode.SharpZipLib.Zip -> FastZip -> ExtractZip -> ExtractEntry -> ExtractFileEntry`<br>During this process, the incoming file names are not filtered, and there is a Zip Slip arbitrary file overwriting vulnerability. |
| Source | ⚠️ https://drive.google.com/drive/folders/14jhLis7E0bnVajq_3BY6m9OWW-nmZkzz?usp=drive_link |
| User | Anonymous User |
| Submission | 09/22/2023 09:42 (3 years ago) |
| Moderation | 10/09/2023 16:09 (17 days later) |
| Status | Duplicate |
| VulDB entry | 199659 [XINJE PLC Program Tool up to 3.5.1 Project File path traversal] |
| Points | 0 |
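
A defensive check for the unfiltered entry names described above, as an added example that is not part of the original submission and is not XDPPro or SharpZipLib code: it lists the entries of a ZIP-based project archive whose names would resolve outside the extraction directory, so the file can be rejected before it is opened. The function names, entry names and in-memory archive are constructed for illustration.

```python
import io
import re
import zipfile

DRIVE_RE = re.compile(r"^[A-Za-z]:")  # drive-qualified path such as C:\...

def escapes_root(entry_name):
    """Return True if the entry name would resolve outside the extraction directory."""
    # The extractor runs on Windows, so both separators must be treated alike.
    name = entry_name.replace("\\", "/")
    if name.startswith("/") or DRIVE_RE.match(name):
        return True  # absolute, UNC or drive-qualified path
    depth = 0
    for part in name.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:  # climbed above the extraction root
                return True
        else:
            depth += 1
    return False

def unsafe_entries(archive):
    """List entry names in a ZIP (path or file object) that escape the root."""
    with zipfile.ZipFile(archive) as zf:
        return [i.filename for i in zf.infolist() if escapes_root(i.filename)]

def build_sample():
    """Constructed in-memory archive: two benign names, four escaping ones."""
    names = (
        "project/main.ldr",        # hypothetical project file, stays inside
        "project/../notes.txt",    # '..' that still stays inside the root
        "../../outside1.txt",
        "..\\..\\outside2.txt",    # backslash form, significant on Windows
        "C:/Temp/outside3.txt",
        "/abs/outside4.txt",
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample data")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name in unsafe_entries(build_sample()):
        print("rejecting archive, unsafe entry:", name)
```

The same rule belongs inside the extractor: resolve each entry's destination and refuse to write unless it stays under the target directory.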