Lawo AG · vsm LTC Time Sync · CVE-2024-6049
Name of the Vulnerable Software and Affected Versions:
Lawo AG vsm LTC Time Sync (vTimeSync) (affected versions not specified)
Description:
The web server is affected by a "..." (triple dot) path traversal issue. An unauthenticated remote attacker could download arbitrary files from the operating system by sending a specially crafted HTTP request. The exploitation is limited to files with specific extensions, such as .exe or .txt.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
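Added example (not part of the original advisory or any vendor material): with no fixed version known, one way to review web server access logs for the pattern named in the description is to flag request targets that contain a segment made only of three or more dots. The Common Log Format-style request field, the sample log lines and all function names are assumptions; the product's real log format may differ.

```python
import re
from urllib.parse import unquote

# Assumed request field layout: "METHOD target HTTP/x.y" (Common Log Format style).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A segment consisting only of dots, three or more ("..." and longer).
DOT_SEGMENT_RE = re.compile(r"\.{3,}")
# Split on path and query delimiters so dot segments in either part are seen.
DELIMITERS_RE = re.compile(r"[/\\?&=]")
MAX_DECODE_ROUNDS = 3  # normalise nested percent-encoding (%2e, %252e)


def decode_target(target):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def has_multi_dot_segment(target):
    """True if any delimiter-separated segment is only dots (>= 3)."""
    segments = DELIMITERS_RE.split(decode_target(target))
    return any(DOT_SEGMENT_RE.fullmatch(s) for s in segments)


def find_suspicious(lines):
    """Return (line_number, decoded_target) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and has_multi_dot_segment(match.group("target")):
            hits.append((number, decode_target(match.group("target"))))
    return hits


# Constructed sample lines: not observed traffic and not confirmed
# request shapes for this product.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2025:10:00:05 +0000] "GET /.../.../example.txt HTTP/1.1" 200 64',
    '192.0.2.11 - - [01/Jan/2025:10:00:06 +0000] "GET /%2e%2e%2e/%2e%2e%2e/example.exe HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2025:10:00:09 +0000] "GET /docs/notes...txt HTTP/1.1" 404 0',
    '192.0.2.13 - - [01/Jan/2025:10:00:12 +0000] "GET /%252e%252e%252e%5Cexample.txt HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

A file name that merely contains dots, such as notes...txt, is not flagged because the dots do not form a whole segment.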