PT-2020-5820 · Schneider Electric · EcoStruxure Building Operation WebReports

Published: 2020-11-10 · Updated: 2022-01-31 · CVE-2020-7569

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: EcoStruxure Building Operation WebReports versions V1.9 through V3.1
Description: A vulnerability exists due to the incorrect verification of user-supplied files, allowing an authenticated remote user to upload arbitrary files and achieve remote code execution. This issue is related to the unrestricted upload of files with dangerous types.
Recommendations: For versions V1.9 through V3.1, update to a version that includes the fix for this issue to prevent remote code execution. As a temporary workaround, consider restricting access to file upload functionality until a patch is available. Avoid using the file upload feature in the affected WebReports versions until the issue is resolved.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2021-01789
CVE-2020-7569

Affected Products

EcoStruxure Building Operation WebReports