Overview
- Description
- An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversal.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:macgregor:interschalt_vdr_g4e_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CED0AFF1-D11B-4D5A-AEFF-0ADDCB5F6947",
"versionEndIncluding": "5.220"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:macgregor:interschalt_vdr_g4e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BF42A648-D783-4FCB-BE6A-C9D0EF0EB2F6"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]