CVE-2021-34605

Name of the Vulnerable Software and Affected Versions XINJE XD/E Series PLC Program Tool versions up to v3.5.1

Description A zip slip vulnerability can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file. This issue can be triggered by manually opening an infected project file or by initiating an upload program request from an infected Xinje PLC, potentially resulting in remote code execution, information disclosure, and denial of service of the system running the XINJE XD/E Series PLC Program Tool.

Recommendations For XINJE XD/E Series PLC Program Tool versions up to v3.5.1, update to a version later than v3.5.1 to resolve the issue. As a temporary workaround, consider avoiding the use of potentially infected project files and restricting upload program requests from untrusted Xinje PLC devices.