Description
A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100847
Scores
CVSS v3
8.8
EPSS
0.0275
EPSS Percentile
84.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
CWE-23
Status
published
Products (2)
loytec/lvis-3me_firmware
< 6.1.1
n/a/LOYTEC LVIS-3ME
LOYTEC LVIS-3ME
Published
Oct 05, 2017
Tracked Since
Feb 18, 2026