A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| pilz | pasvisu | 1.12.0 | - |
| pilz | pmi_v507_firmware | 1.3.58 | - |
| pilz | pmi_v512_firmware | 1.3.58 |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
8
Affected Products
2
References
pilz / pasvisu
| - |
| pilz | pmi_v704e_firmware | 2.2.0 | - |
| pilz | pmi_v707e_firmware | 2.2.0 | - |
| pilz | pmi_v807_firmware | 1.6.102 | - |
| pilz | pmi_v812_firmware | 1.6.102 | - |
| pilz | pmi_v815_firmware | 1.6.102 | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability
Impact