Unrated severityNVD Advisory· Published Feb 12, 2018· Updated Sep 16, 2024

CVE-2017-9970

Description

A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. Uploading a zip which contains carefully crafted metadata allows for the file to be uploaded to any directory on the host machine information which could lead to remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Schneider Electric/StruxureOn Gatewayllm-create
Range: <=1.1.3

Patches

Vulnerability mechanics

References

www.securityfocus.com/bid/103052mitrevdb-entryx_refsource_BID
ics-cert.us-cert.gov/advisories/ICSA-18-046-04mitrex_refsource_MISC
www.schneider-electric.com/en/download/document/SEVD-2018-039-01/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000