Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Path Traversal
Smartics
NVD
CVSS 3.1
2.7
EPSS
0.6%
Prev
Page 3 of 3