CVE-2023-25914
Path Traversal in Danfoss AK-SM800A
| CVE | CVE-2023-25914 | |||||||||||
| Title | Path Traversal in Danfoss AK-SM800A | |||||||||||
| Credits |
|
|||||||||||
| Affected products |
|
|||||||||||
| CVSS |
Base score:
9.9
(CRITICAL) |
|||||||||||
| References |
|
|||||||||||
| Problem type(s) | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | |||||||||||
| Date published | ||||||||||||
| Last modified |
Description
Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface.
Workaround(s)
Upgrade to the latest patch, which is version 3.3.
JSON version.