Description
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses a crafted path input that is processed by the system.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected products
- Schneider Electric / EcoStruxure™ Power Monitoring Expert (PME)Version 2022 – Version 2022
- Schneider Electric / EcoStruxure™ Power Monitoring Expert (PME)Version 2023 – Version 2023
- Schneider Electric / EcoStruxure™ Power Monitoring Expert (PME)Version 2024 – Version 2024
- Schneider Electric / EcoStruxure™ Power Monitoring Expert (PME)Version 2024 R2 – Version 2024 R2
- Schneider Electric / EcoStruxure™ Power Operation (EPO) Advanced Reporting and Dashboards ModuleVersion 2022 w/ Advanced Reporting Module – Version 2022 w/ Advanced Reporting Module
- Schneider Electric / EcoStruxure™ Power Operation (EPO) Advanced Reporting and Dashboards ModuleVersion 2024 w/ Advanced Reporting Module – Version 2024 w/ Advanced Reporting Module