Sh7Err02

**Name of the Vulnerable Software and Affected Versions** Scada-LTS versions up to 2.7.8.1 **Description** A cross-site request forgery condition exists in Scada-LTS. This impacts an unknown function and can be initiated remotely. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** Versions prior to 2.7.8.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Scada-LTS versions prior to 2.7.8.1 **Description** A path traversal issue exists in Scada-LTS. The `Common.getHomeDir` function within the `br/org/scadabr/vo/exporter/ZIPProjectManager.java` file of the Project Import component is affected. This manipulation can be exploited remotely. The exploit is publicly available. **Recommendations** Update Scada-LTS to version 2.7.8.1 or later.