CVE-2023-49960

HIGH

indu-sol PROFINET-INspektor NT < 2.4.0 - Path Traversal and Arbitrary File Write via httpuploadd Upload Endpoint

Title source: llm

Description

In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the /upload endpoint.

References (2)

Core 2

Core References

Third Party Advisory

https://code-white.com/public-vulnerability-list/

Product

https://www.indu-sol.com/en/products/profinet/diagnostics/profinet-inspektorr-nt/

Scores

CVSS v3 7.5

EPSS 0.0066

EPSS Percentile 46.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

indu-sol/profinet-inspektor_nt_firmware < 2.4.0

Published Feb 26, 2024

Tracked Since Feb 18, 2026