Path Traversal in Schneider-electric Citecthistorian

CVE-2011-4036

Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.005 (66.6th percentile) — read the EPSS interpretation.

Affected products

Schneider-electric Citecthistorian — versions 4.20
Schneider-electric Citectscada_reports — versions 4.0
Schneider-electric Vijeo_historian — versions 4.0, 4.10, 4.20
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

cret@cert.org (x_refsource_CONFIRM)
cret@cert.org (US Government Resource, x_refsource_MISC)
cret@cert.org (x_refsource_CONFIRM)