CVE-2018-7806— Schneider Electric StruxureWare Data Center Operation 安全漏洞

N/A

Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code.

N/A

N/A

Schneider Electric StruxureWare Data Center Operation 安全漏洞

Schneider Electric StruxureWare Data Center Operation是法国施耐德电气（Schneider Electric）公司的一套数据中心运营软件。该软件通过库存管理、PUE计算、实时设备警报和基于位置的深入分析，对数据中心操作进行即时概览。 Schneider Electric StruxureWare Data Center Operation中存在安全漏洞。攻击者可借助恶意制作的文件利用该漏洞将任意文件上传到目标目录之外的服务器文件系统上。

N/A

N/A