Security Advisory

mySCADA myDESIGNER Zip Slip

Upgrade to myDESIGNER 8.21.0 or later. Only handle project files from trusted sources. Password protect trusted project files when possible. Block emails with attachments that have a mep extension. If possible, try to handle project files in an isolated environment away from the OT network.

Risk Information

Possible Threat

CVE ID

CVE-2021-41578

Vunerability Type

Path Traversal

CVSS3 Score

7.8

CVSSv3 Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affecting

mySCADA myDESIGNER 8.20.0 and below

Mitigation

Upgrade to myDESIGNER 8.21.0 or later

09/27/2021