CVE-2022-2788

HIGH Year: 2022
CVSS v3 Score
7.3
High
Weakness Type
CWE-29
View all →

Vulnerability Description

Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering station onto Windows in a way that executes the malicious code.

Related Vulnerabilities

CVE-2024-6139

HIGH
CVSS:7.3(High)

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system an...

CWE-292024

CVE-2024-13059

HIGH
CVSS:7.2(High)

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arb...

CWE-292024

CVE-2024-21518

HIGH
CVSS:7.2(High)

This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files withi...

CWE-292024

CVE-2024-8248

HIGH
CVSS:7.2(High)

A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can r...

CWE-292024

CVE-2023-6021

HIGH
CVSS:7.5(High)

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.any...

CWE-292023

CVE-2023-6130

HIGH
CVSS:7.5(High)

Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

CWE-292023