schneider-electric struxureware-data-center-expert CVE-2018-7807 is a vulnerability in Schneider Electric Struxureware Data Center Expert
Published on November 30, 2018

Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code.

NVD


Products Associated with CVE-2018-7807

Want to know whenever a new CVE is published for Schneider Electric Struxureware Data Center Expert? stack.watch will email you.

Schneider Electric Struxureware Data Center Expert
 

Affected Versions

Schneider Electric SE Data Center Expert versions 7.5.0 and earlier Version Data Center Expert versions 7.5.0 and earlier is affected by CVE-2018-7807

Exploit Probability

EPSS
0.76%
Percentile
73.00%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.