zenLogSrv: path traversal allows transfer of arbitrary files
Description
A zenon installation with the zenon LOG Service (zenLogSrv)
allowed to retrieve and load arbitrary files from a remote system over the
network.
This behavior has been changed for:
- zenon 12 and higher
- zenon 8.20, 10 and 11 with build 101376 or
higher
Now only regular log files for the Diagnosis Viewer can
be loaded.
Item ID: 253435
Version: 10.00 Build: 102631
Version: 8.20 Build: 102334
Version: 8.10 Build: 111334
Related Articles
FAQ: How to prevent corrupted files after power outage?
Read the attached PDF files (English/German) for more information on how to set up your system to avoid corrupted files in case of an power outage.
zenLogSrv: no TCP keep alive for listening socket
Description The TCP server of zenLogSrv.exe did not send TCP keep alive messages to check if the TCP connection is still available. The issue has been addressed by automatically enabling TCP server now automatically enables the TCP keep alive for the ...
zenon Changesets CSV
Here, you can access a comprehensive list of changes across all maintained versions of the zenon Software Platform as Excel Worksheets. This includes both implemented bug-fixes and new features. Additionally, these lists are available in as Excel ...
zenon Changesets Excel
Here, you can access a comprehensive list of changes across all maintained versions of the zenon Software Platform as Excel Worksheets. This includes both implemented bug-fixes and new features. Additionally, these lists are available in CSV format ...
Import of zenPG config from SE to ES (decompile) no longer works in zenon 14 - "empty" templates used instead
Description When importing Service Engine files into the zenon Engineering Studio, zenon Process Gateway configurations were replaced by default templates instead of the actual configuration. The issue has been addressed and the zenPG configuration ...