< ciso
brief />
Tag Banner

All news with #path traversal tag

44 articles · page 3 of 3

AutomationDirect Productivity Suite: Multiple High-Risk Flaws

⚠️ AutomationDirect's Productivity Suite and several Productivity PLC models contain multiple high-severity vulnerabilities — including relative path traversal (ZipSlip), a weak password recovery mechanism, incorrect permission assignment, and binding to an unrestricted IP address. Exploitation could allow remote attackers to read, write, or delete files, execute arbitrary code, or gain full control of projects. AutomationDirect has released updates (Productivity Suite v4.5.0.x and newer) and recommends applying the latest firmware and implementing network isolation and firewall/NAC controls if immediate upgrades are not possible.
read more →

Rockwell Automation PanelView and FactoryTalk ME Flaws

🔒 Rockwell Automation disclosed vulnerabilities in FactoryTalk View Machine Edition and PanelView Plus 7 that can allow unauthorized access to device file systems and diagnostic data. CVE-2025-9064 is a network-exploitable path traversal issue; CVE-2025-9063 is an improper-authorization flaw tied to an ActiveX control. Rockwell recommends installing provided firmware and software updates, and CISA advises minimizing network exposure, isolating control networks, and using secure remote access.
read more →

CISA Adds Grafana Path Traversal to KEV Catalog Notice

📢 CISA has added CVE-2021-43798 — a Grafana path traversal vulnerability — to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation. The agency notes that path traversal is a frequent attack vector that poses significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by required due dates. CISA strongly urges all organizations to prioritize remediation and will continue updating the KEV Catalog.
read more →

Delta DIALink Path Traversal Vulnerabilities (CVE-2025)

⚠️ Delta Electronics' DIALink contains multiple path traversal vulnerabilities that can be exploited remotely to bypass authentication, including at least one flaw rated CVSS v4 10.0. Affected releases include V1.6.0.0 and prior. An anonymous researcher working with Trend Micro's Zero Day Initiative reported the issues to CISA and Delta has released updates. Organizations should upgrade to v1.8.0.0 or later, segment devices from business networks, avoid exposing control equipment to the Internet, and use secure remote access methods.
read more →