The exploit describes a directory traversal vulnerability in Schneider Electric TAC Xenta 511 and 911 PLCs, allowing unauthorized access to credentials via a crafted URI. The vulnerability is due to improper path sanitization in the help manuals, enabling attackers to traverse directories and extract sensitive information.
Classification
Writeup 90%
Target:
Schneider Electric TAC Xenta 511 and 911 PLCs (version 5.17)
No auth needed
Prerequisites:
Network access to the vulnerable device · Old browser or tool supporting ancient SSL configurations