Siemens SIMATIC PCS 7 and SIMATIC WinCC are both products of Siemens, a German company. SIMATIC PCS 7 is a process control system and SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. A path traversal vulnerability exists in SIMATIC PCS 7 and SIMATIC WinCC, which stems from a failure to properly neutralize special elements in path names when downloading files. An attacker could then exploit the vulnerability to cause the pathname to resolve to a location on the server outside of the restricted directory and read unexpected critical files.