PT-2022-6533 · Schneider Electric · EcoStruxure Operator Terminal Expert
Published: 2022-10-11 · Updated: 2022-11-08
CVE-2022-41670
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
EcoStruxure Operator Terminal Expert versions V3.3 Hotfix 1 or prior
Pro-face BLUE versions V3.3 Hotfix 1 or prior
Description
A path traversal vulnerability exists in the SGIUtility component, allowing adversaries with local user privileges to load a malicious DLL, which could result in execution of malicious code.
Recommendations
For EcoStruxure Operator Terminal Expert versions V3.3 Hotfix 1 or prior, consider disabling the SGIUtility component until a patch is available.
For Pro-face BLUE versions V3.3 Hotfix 1 or prior, restrict access to the SGIUtility component to minimize the risk of exploitation.
As a temporary workaround, avoid using the SGIUtility component in the affected products until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Ecostruxure Operator Terminal Expert
Pro-Face Blue