CVE-2025-13791: Critical Path Traversal Vulnerability Exposes Scada-LTS Systems

Overview

CVE-2025-13791 describes a path traversal vulnerability discovered in Scada-LTS (Long Term Support) versions up to 2.7.8.1. This vulnerability resides within the Project Import functionality and can be exploited remotely. The vendor was notified but did not respond.

Technical Details

The flaw sits in the Common.getHomeDir function used by br/org/scadabr/vo/exporter/ZIPProjectManager.java. During Project Import the contents of an uploaded ZIP archive are unpacked onto the server, and the entry names taken from the archive are used to build output paths without checking that the resolved path stays inside the intended directory. An archive entry whose name contains path segments such as ../ is therefore written outside that directory, so an attacker who can submit a project archive can read or overwrite files the Scada-LTS process has access to elsewhere on the host. This pattern is commonly known as Zip Slip. A public exploit is available.

CVSS Analysis

The Common Vulnerability Scoring System (CVSS) score for CVE-2025-13791 is 6.3 (MEDIUM).

  • Attack Vector: Network (AV:N)
  • Attack Complexity: Low (AC:L)
  • Privileges Required: None (PR:N)
  • User Interaction: None (UI:N)
  • Scope: Unchanged (S:U)
  • Confidentiality Impact: Low (C:L)
  • Integrity Impact: Low (I:L)
  • Availability Impact: None (A:N)

The score balances easy exploitation (reachable over the network, low complexity, no privileges or user interaction required) against limited impact (Low confidentiality and integrity impact, no availability impact), which is why it lands in the Medium band despite being trivially triggered.

Possible Impact

Successful exploitation of this vulnerability could lead to:

  • Information Disclosure: An attacker could read sensitive files on the Scada-LTS server.
  • System Compromise: Where the Scada-LTS process has write access to them, an attacker could overwrite application or system files, which may lead to denial of service or, if the overwritten file is executed or loaded by the application, full compromise of the host.

Mitigation or Patch Steps

Unfortunately, as of this writing, there is no official patch available from the vendor. Recommended mitigation steps include:

  • Input Validation: Never trust entry names from an uploaded archive. Resolve the canonical path of each output file and reject any entry that would land outside the extraction directory (including entries with ../ segments or absolute names) before writing anything to disk.
  • Principle of Least Privilege: Run Scada-LTS under a dedicated, unprivileged account whose write access is limited to the application's own data directory, so that a traversal cannot reach configuration or system files.
  • Network Segmentation: Keep the Scada-LTS web interface off untrusted networks and isolate the host from other critical segments to limit the blast radius of a compromise.
  • Monitor System Activity: Alert on Project Import requests from unexpected sources and on files created or modified by the Scada-LTS process outside its expected directories.
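The following is an added illustration, not code from Scada-LTS or from the public exploit. It shows the Zip Slip pattern described under Technical Details and the containment check recommended under Input Validation side by side: a constructed archive carries one benign entry and one entry named with ../ segments; the unsafe extractor joins the entry name onto the target directory and writes the file outside it, while the hardened extractor canonicalises both paths and refuses the escaping entry before touching the disk. Scada-LTS is written in Java; the Python below is a language-neutral rendering of the same logic (the Java fix is the same check using File.getCanonicalPath). All file names and contents are made up for the demonstration.

```python
"""Zip Slip, illustrated: an archive entry named with '../' escapes the
extraction directory when the extractor joins the entry name onto the target
path without checking where the result lands. The hardened version resolves
the real path and refuses any entry that would end up outside the target."""
import io
import os
import tempfile
import zipfile


def build_malicious_zip() -> bytes:
    """Constructed sample archive (assumed names, not from any real exploit):
    one normal project file plus one entry that climbs two levels up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("project/config.json", '{"name": "demo"}')
        zf.writestr("../../escaped.txt", "written outside the target dir")
    return buf.getvalue()


def vulnerable_extract(zip_bytes: bytes, target_dir: str) -> list[str]:
    """Unsafe extractor: trusts entry names verbatim (the Zip Slip pattern)."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for entry in zf.infolist():
            if entry.is_dir():
                continue
            # BUG: no containment check; '../' in the name walks out of target_dir
            out_path = os.path.join(target_dir, entry.filename)
            os.makedirs(os.path.dirname(out_path), exist_ok=True)
            with zf.open(entry) as src, open(out_path, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.realpath(out_path))
    return written


def safe_extract(zip_bytes: bytes, target_dir: str) -> list[str]:
    """Hardened extractor: canonicalise the target and every output path and
    reject anything that resolves outside the target before writing."""
    root = os.path.realpath(target_dir)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for entry in zf.infolist():
            if entry.is_dir():
                continue
            out_path = os.path.realpath(os.path.join(root, entry.filename))
            # commonpath catches '../' segments and absolute entry names, and
            # avoids the prefix trap of a plain startswith ('/tmp/t' vs '/tmp/t2').
            if os.path.commonpath([root, out_path]) != root:
                raise ValueError(f"Zip Slip attempt rejected: {entry.filename!r}")
            os.makedirs(os.path.dirname(out_path), exist_ok=True)
            with zf.open(entry) as src, open(out_path, "wb") as dst:
                dst.write(src.read())
            written.append(out_path)
    return written


def demo() -> dict:
    """Run both extractors on the crafted archive inside a scratch directory
    and report whether the escape happened and whether it was blocked."""
    payload = build_malicious_zip()
    results = {}
    with tempfile.TemporaryDirectory() as scratch:
        target = os.path.join(scratch, "nest", "target")
        os.makedirs(target)
        root = os.path.realpath(target)

        written = vulnerable_extract(payload, target)
        results["vulnerable_escaped"] = any(
            os.path.commonpath([root, p]) != root for p in written
        )
        # The escaping entry lands two levels above the target directory.
        results["escaped_file_exists"] = os.path.isfile(
            os.path.join(scratch, "escaped.txt")
        )

        try:
            safe_extract(payload, target)
            results["safe_rejected"] = False
        except ValueError:
            results["safe_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

Running the script prints a dictionary in which the unsafe extractor has placed escaped.txt outside the target directory and the hardened extractor has rejected the archive. Note that the check must run before any write: validating after extraction, or only stripping leading ../ from names, leaves room for entries such as project/../../x that still resolve outside the root.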

Note: Given the vendor’s lack of response, users should strongly consider migrating to a more actively maintained SCADA solution.

About the Author

Cybersecurity specialist and founder of Gowri Shankar Infosec, a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
