CVE-2024-10313

HIGH Year: 2024
CVSS v3 Score
8.0
High
Weakness Type
CWE-22
View all →

Vulnerability Description

iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversal vulnerability. When the software loads a malicious ‘ems' project template file constructed by an attacker, it can write files to arbitrary directories. This can lead to overwriting system files, causing system paralysis, or writing to startup items, resulting in remote control.

Related Vulnerabilities

CVE-2015-8798

HIGH
CVSS:8.0(High)

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for C...

CWE-222015

CVE-2018-11494

HIGH
CVSS:8.0(High)

The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step...

CWE-222018

CVE-2018-16221

HIGH
CVSS:8.0(High)

The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remo...

CWE-222018

CVE-2018-7771

HIGH
CVSS:8.0(High)

The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard...

CWE-222018

CVE-2019-0887

HIGH
CVSS:8.0(High)

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Service...

CWE-222019

CVE-2019-10220

HIGH
CVSS:8.0(High)

Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.

CWE-222019