CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Percentile: 54.1%
A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes (‘zip-slip’). File writes do not affect confidentiality or availability.
Vendor | Product | Version | CPE |
---|---|---|---|
pilz | pasvisu | * | cpe:2.3:a:pilz:pasvisu:*:*:*:*:*:*:*:* |
pilz | pmi_v507_firmware | * | cpe:2.3:o:pilz:pmi_v507_firmware:*:*:*:*:*:*:*:* |
pilz | pmi_v507 | - | cpe:2.3:h:pilz:pmi_v507:-:*:*:*:*:*:*:* |
pilz | pmi_v512_firmware | * | cpe:2.3:o:pilz:pmi_v512_firmware:*:*:*:*:*:*:*:* |
pilz | pmi_v512 | - | cpe:2.3:h:pilz:pmi_v512:-:*:*:*:*:*:*:* |
pilz | pmi_v704e_firmware | * | cpe:2.3:o:pilz:pmi_v704e_firmware:*:*:*:*:*:*:*:* |
pilz | pmi_v704e | - | cpe:2.3:h:pilz:pmi_v704e:-:*:*:*:*:*:*:* |
pilz | pmi_v707e_firmware | * | cpe:2.3:o:pilz:pmi_v707e_firmware:*:*:*:*:*:*:*:* |
pilz | pmi_v707e | - | cpe:2.3:h:pilz:pmi_v707e:-:*:*:*:*:*:*:* |
pilz | pmi_v807_firmware | * | cpe:2.3:o:pilz:pmi_v807_firmware:*:*:*:*:*:*:*:* |
[
  {
    "defaultStatus": "unaffected",
    "product": "PASvisu",
    "vendor": "PILZ",
    "versions": [
      {
        "lessThan": "1.12.0",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PMI v5xx (265507 + 265512)",
    "vendor": "PILZ",
    "versions": [
      {
        "lessThanOrEqual": "1.3.58",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PMI v7xx (266704 + 266707)",
    "vendor": "PILZ",
    "versions": [
      {
        "lessThan": "2.2.0",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PMI v8xx (266807, 266812, 266815)",
    "vendor": "PILZ",
    "versions": [
      {
        "lessThan": "1.6.102",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "semver"
      }
    ]
  }
]