Vulnerability Description
In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the /upload endpoint.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Indu-Sol | Profinet-Inspektor Nt Firmware | <= 2.4.0 |
| Indu-Sol | Profinet-Inspektor Nt | - |
Related Weaknesses (CWE)
References
- https://code-white.com/public-vulnerability-list/Third Party Advisory
- https://www.indu-sol.com/en/products/profinet/diagnostics/profinet-inspektorr-ntProduct
- https://code-white.com/public-vulnerability-list/Third Party Advisory
- https://www.indu-sol.com/en/products/profinet/diagnostics/profinet-inspektorr-ntProduct
FAQ
What is CVE-2023-49960?
CVE-2023-49960 is a vulnerability with a CVSS score of 7.5 (HIGH). In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename pa...
How severe is CVE-2023-49960?
CVE-2023-49960 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-49960?
Check the references section above for vendor advisories and patch information. Affected products include: Indu-Sol Profinet-Inspektor Nt Firmware, Indu-Sol Profinet-Inspektor Nt.