CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
Percentile
21.7%
A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes (‘zip-slip’). File writes do not affect confidentiality or availability.
Vendor | Product | Version | CPE |
---|---|---|---|
pilz | pss_4000 | - | cpe:2.3:h:pilz:pss_4000:-:*:*:*:*:*:*:* |
pilz | pas_4000 | * | cpe:2.3:o:pilz:pas_4000:*:*:*:*:*:*:*:* |
pliz | pascal | * | cpe:2.3:a:pliz:pascal:*:*:*:*:*:*:*:* |
pliz | pasconnect | * | cpe:2.3:a:pliz:pasconnect:*:*:*:*:*:*:*:* |
pliz | pasmotion | * | cpe:2.3:a:pliz:pasmotion:*:*:*:*:*:*:*:* |
pliz | pnozmulti_configurator | * | cpe:2.3:a:pliz:pnozmulti_configurator:*:*:*:*:long_term_support:*:*:* |
pliz | pnozmulti_configurator | * | cpe:2.3:a:pliz:pnozmulti_configurator:*:*:*:*:-:*:*:* |