HIGH · 7.0

CVE-2022-41670

Vulnerability Description

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL, which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior), Pro-face BLUE (V3.3 Hotfix 1 or prior).

CVSS Score

7.0

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Schneider-Electric | Ecostruxure Operator Terminal Expert | < 3.3
Schneider-Electric | Pro-Face Blue | < 3.3

Related Weaknesses (CWE)

References

FAQ

What is CVE-2022-41670?

CVE-2022-41670 is a vulnerability with a CVSS score of 7.0 (HIGH). A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load mal...

How severe is CVE-2022-41670?

CVE-2022-41670 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-41670?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Ecostruxure Operator Terminal Expert, Schneider-Electric Pro-Face Blue.