PT-2021-23343 · Myscada · Myscada Mydesigner

Published: 2021-10-04 · Updated: 2021-10-12 · CVE-2021-41578

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: mySCADA myDESIGNER versions 8.20.0 and below

Description: The issue allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability to write arbitrary files to OS locations where the user has permission. This would typically lead to code execution.

Recommendations: For mySCADA myDESIGNER versions 8.20.0 and below, consider restricting the import of project files or validating the files before import to minimize the risk of exploitation. As a temporary workaround, avoid importing mep files from untrusted sources until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal


Weakness Enumeration

Related Identifiers: CVE-2021-41578

Affected Products: Myscada Mydesigner