Schneider Electric C-Bus Toolkit PROJECT RESTORE Directory Traversal Information Disclosure Vulnerability

April 22nd, 2021
ZDI-21-450 ZDI-CAN-12604

CVE ID

CVE-2021-22720

CVSS Score

6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Vendors

Schneider Electric

Affected Products

C-Bus Toolkit

Vulnerability Details

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric C-Bus Toolkit. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

The specific flaw exists within the processing of commands sent to the C-Gate 2 Service. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.

Additional Details

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01

https://us-cert.cisa.gov/ics/advisories/icsa-21-105-01


Disclosure Timeline

  • 2021-02-03 - Vulnerability reported to vendor
  • 2021-04-22 - Coordinated public release of advisory
  • 2023-09-20 - Advisory Updated

Credit

rgod

Back to Advisories