MEDIUM Severity
CVE-2025-5158
Path traversal vulnerability in H3C SecCenter SMP-E1114P02 file downloadSoftware
Overview
A path traversal vulnerability was found in H3C SecCenter SMP-E1114P02 releases up to 20250513.
Technical Details
The vulnerability affects the function downloadSoftware. Manipulating the filename argument allows path traversal, and the attack can be initiated remotely.
CVSS Metrics
- Attack Vector: NETWORK
- Attack complexity: LOW
- Privileges required: LOW
- User interaction: NONE
- Confidentiality Impact: LOW
- Integrity Impact: NONE
- Availability Impact: NONE
Impact
The vulnerability may lead to unauthorized access to files, posing confidentiality risks.
Recommendations
Vendors should urgently provide a patch or update to address this vulnerability. Users and administrators are advised to limit network exposure for all control system devices and ensure they are not accessible from the internet.
Threat Metrics
- CVSS score: 5.3
- Severity: MEDIUM
- Attack Vector: NETWORK
- Attack complexity: LOW