Inneo · Inneo Startup Tools · CVE-2020-15492
**Name of the Vulnerable Software and Affected Versions**
INNEO Startup TOOLS versions 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804
**Description**
An issue in the sut srv.exe web application allows user input to be included into a filesystem access without validation, potentially enabling an unauthenticated attacker to read files on the server via Directory Traversal. This could have unspecified other impact.
**Recommendations**
For versions 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804, consider restricting access to the sut srv.exe web application served on TCP port 85 until a fix is available. As a temporary workaround, restrict filesystem access to prevent unauthorized file reading.