zenLogSrv: path traversal allows transfer of arbitrary files

zenLogSrv: path traversal allows transfer of arbitrary files

Description

A zenon installation with the zenon LOG Service (zenLogSrv) allowed to retrieve and load arbitrary files from a remote system over the network.

This behavior has been changed for:

  • zenon 12 and higher
  • zenon 8.20, 10 and 11 with build 101376 or higher

Now only regular log files for the Diagnosis Viewer can be loaded.



Item ID: 253435
Version: 10.00 Build: 102631
Version: 8.20 Build: 102334
Version: 8.10 Build: 111334

    • Related Articles

    • FAQ: How to prevent corrupted files after power outage?

      Read the attached PDF files (English/German) for more information on how to set up your system to avoid corrupted files in case of an power outage.

    • FAQ: How to import external vector graphic files in zenon?

      Import of vector graphics (DXF and PLT files) is not available for the 64-bit Engineering Studio, so that this can only be done in 32-Bit Engineering Studio. To start 32-Bit Engineering Studio, in the zenon Startup Tool right-click on the respective ...

    • zenon Changesets Excel

      Here, you can access a comprehensive list of changes across all maintained versions of the zenon Software Platform as Excel Worksheets. This includes both implemented bug-fixes and new features. Additionally, these lists are available in CSV format ...

    • zenon Changesets CSV

      Here, you can access a comprehensive list of changes across all maintained versions of the zenon Software Platform as Excel Worksheets. This includes both implemented bug-fixes and new features. Additionally, these lists are available in as Excel ...

    • zenLogSrv: no TCP keep alive for listening socket

      Description The TCP server of zenLogSrv.exe did not send TCP keep alive messages to check if the TCP connection is still available. The issue has been addressed by automatically enabling TCP server now automatically enables the TCP keep alive for the ...