CVE-2021-32981

Name of the Vulnerable Software and Affected Versions AVEVA System Platform versions 2017 through 2020 R2 P01

Description The issue arises from the software's failure to properly neutralize special elements within a pathname that is constructed using external input. This pathname is intended to identify a file or directory located underneath a restricted parent directory. However, due to the lack of proper neutralization of special elements, the pathname can resolve to a location outside of the restricted directory.

Recommendations For AVEVA System Platform versions 2017 through 2020 R2 P01, consider implementing input validation to ensure that external inputs used in constructing pathnames do not contain special elements that could lead to accessing files or directories outside the intended restricted directory. As a temporary workaround, restrict access to sensitive files and directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.