Unrated severityNVD Advisory· Published Nov 4, 2022· Updated Apr 30, 2025

CVE-2022-41670

Description

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Affected products

Schneider Electric/Pro-face BLUEllm-fuzzy2 versions
<= V3.3 Hotfix 1+ 1 more
- (no CPE)range: <= V3.3 Hotfix 1
- (no CPE)range: V3.3
Schneider Electric/Ecostruxure™ Operator Terminal Expertllm-fuzzy2 versions
<= V3.3 Hotfix 1+ 1 more
- (no CPE)range: <= V3.3 Hotfix 1
- (no CPE)range: V3.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.se.com/ww/en/download/document/SEVD-2022-284-01/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000