CVE-2024-3980

Name of the Vulnerable Software and Affected Versions MicroSCADA Pro/X SYS600 (affected versions not specified)

Description The product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited, this issue allows the attacker to access or modify system files or other files that are critical to the application. The vulnerability is related to uncontrolled user input, which risks system files.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting user input that can influence file paths or names in filesystem operations to minimize the risk of exploitation. Avoid using user-controlled input in filesystem operations until the issue is resolved.