CNNVD-202510-3165 Information
CNNVD ID
CNNVD-202510-3165
Related CVE
- CNNVD Published: 2025-10-22
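Description (Chinese, translated)
SAUTER EY-modulo 5 Building Automation Station is a complete building management solution from SAUTER. Sauter modu680-AS is a modular automation station and web server from the Swiss company Sauter. Several SAUTER products contain a security vulnerability that stems from the importFile SOAP method being susceptible to directory traversal, which may allow an unauthenticated remote attacker to bypass path restrictions and upload files to arbitrary locations. The following products are affected: modulo 6 devices modu680-AS, modulo 6 devices modu660-AS, modulo 6 devices modu612-LC, EY-modulo 5 modu 5 modu524, EY-modulo 5 modu 5 modu525, EY-modulo 5 ecos 5 ecos504/505.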
Description (English)
SAUTER EY-modulo 5 Building Automation Station is SAUTER's complete building management solution. Sauter modu680-AS is a modular automation station and web server made by Sauter of Switzerland. Multiple SAUTER products have a security vulnerability: the importFile SOAP method is vulnerable to directory traversal attacks, which may let unauthenticated remote attackers bypass path restrictions and upload files to any location. The following products are affected: modulo 6 devices modu680-AS, modulo 6 devices modu660-AS, modulo 6 devices modu612-LC, EY-modulo 5 modu 5 modu524, EY-modulo 5 modu 5 modu525, EY-modulo 5 ecos 5 ecos504/505.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
Sauter
Published
2025-10-22
Last Modified
2026-02-24
References
https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json
https://access.redhat.com/security/cve/cve-2025-41723
Patch
https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json