A vulnerability has been identified in LOGO! Soft Comfort (All versions). A zip slip vulnerability could be triggered while importing a compromised project file to the affected software. Chained with other vulnerabilities this vulnerability could ultimately lead to a system takeover by an attacker.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25243
Reference (s):
- https://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf
- URL: https://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf