A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pliz | pasmotion | * |
| pilz | pas_4000 | * |
| pliz | pnozmulti_configurator | * |
| pliz | pasconnect | * |
| pliz | pascal | * |