Schneider.Electric.IIoT.Monitor.downloadCSV.Path.Traversal
Description
This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Schneider Electric IIoT Monitor.
A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to downloadCSV.jsp. Successful exploitation could result in the disclosure of arbitrary file contents for any file accessible by SYSTEM.
Affected Products
Schneider Electric IIoT Monitor 3.1.38 and prior
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |