Steve Karg

**Name of the Vulnerable Software and Affected Versions** BACnet Stack versions prior to 1.5.0.rc3 **Description** The BACnet Stack software contains a flaw in its file writing functionality. Specifically, there is a lack of validation for user-supplied file paths, which could allow attackers to write files to arbitrary directories. The affected files are `apps/readfile/main.c` and `ports/posix/bacfile-posix.c`. **Recommendations** Update to version 1.5.0.rc3 or later.