Schneider Electric IIoT Monitor Multiple Security Vulnerabilities

Schneider Electric IIoT Monitor is prone to following security vulnerabilities

1. A directory-traversal vulnerability
2. An arbitrary file-upload vulnerability
3. An XML External Entity injection vulnerability

An attacker can exploit these issues to gain access to arbitrary files, upload and execute arbitrary files to the affected computer and gain access to sensitive information.

Schneider Electric IIoT Monitor versions 3.1.38 and prior are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus